On Sat, 12 Nov 2022, at 8:25 PM, [email protected] wrote:
> But yes, basic + https will work, since this is a new CalDAV install. I was
> previously using the same imapd.conf file with both imapd/pop3d and httpd,
> but I've now created a custom conf file for httpd.
>
> Changing to plain + STARTTLS for all imap/pop3 clients would be more
> difficult, given how many clients (Outlook!) are already using DIGEST-MD5
> there, but I should probably get started on that.
Even in the same install, with the same config, you should be able to configure
it differently for different services. I don't exactly remember the specifics
(so please cross reference the documentation), but the approximate shape is
something like this...
In your cyrus.conf, you'll have an entry under SERVICES for each service. Your
https service, for example, might look something like this:
https cmd="httpd -s" listen="https" prefork=0
That word on the left hand side ("https") is a name for the service, that you
choose. It's usually named after the protocol it serves, but it can be
anything you want.
In your imapd.conf, most (all?) entries can be prefixed with one of these names
to provide a configuration that is specific for the named service only. So as
a contrived example, your imapd.conf could contain:
debug: no
dbgimap_debug: yes
And if you then had a SERVICES entry like:
dbgimap cmd=imapd listen=2993 prefork=0
That service would run with "debug: yes" instead of the "debug: no" that's
configured for everything else, and imap clients connecting to port 2993 would
have their actions logged at the higher logging level.
In your specific case, there's some SASL option that you put in your imapd.conf
that controls which mechs are supported -- it's something like "sasl_mech_list"
but I don't remember exactly offhand. Anyway, assuming your https service is
named "https", you could have something like this in your imapd.conf:
sasl_mech_list: [whatever you need for imap/pop/etc]
https_sasl_mech_list: [whatever you need for https]
And then you'd be able to configure your https with whatever auth configuration
it needs, without needing to change how your other services are auth'd. Hope
this is useful somehow :)
Cheers,
ellie
------------------------------------------
Cyrus: Info
Permalink:
https://cyrus.topicbox.com/groups/info/T1d517753ec5acc28-M04d1e6c773b12d904782d9ad
Delivery options: https://cyrus.topicbox.com/groups/info/subscription
