[CentOS] Which imapd?

Tue Oct 25 06:25:42 UTC 2005
jean-sebastien Hubert <security at air-austral.com>

Nels Lindquist wrote:

>On 24 Oct 2005 at 14:23, jean-sebastien Hubert wrote:
>
><snip>
>
>  
>
>>!!!!!!!!!!!!!!
>>I have a cyrus-imapd to admin (with mysql, postfix) and .. the thing i
>>can say is: in the next 3 month, I will install courier to kick this
>>... of . (there is 500 accounts on this server)
>>Cyrus is very hard to install/configure/manage.
>>    
>>
>
>You seem to be confusing Cyrus-IMAPD with Cyrus-SASL.  Cyrus-IMAPD 
>doesn't use any kind of SQL backend, and I have no idea why you'd 
>want to try.
>
>Cyrus SASL is used by Cyrus IMAPD (and many other applications) for 
>authentication support, and it can indeed be quite complex to 
>configure because of the enormous number of available backends and 
>configuration options.  Getting rid of Cyrus-IMAPD won't rid you of 
>your SASL configuration headaches if, say, you're using SMTP AUTH 
>with Postfix, because Postfix (along with many other MTAs) requires 
>Cyrus-SASL for its AUTH support.
>
><snip>
>
>  
>

That's a global problem in fact: cyrus-imapd/cyrus-sasl/postfix/mysql
must be run together; and that's hard to configure
them when you don't have a distro which is "cyrus ready", like RHAS3 or
Debian Woody ...


>>Maybe; the problem with cyrus is when you use it with mysql and postfix
>>.. you need to recompile so many stuff , and more you
>>modify your distrib, more it's hard to apply security updates.
>>    
>>
>
>The version of Cyrus-SASL which shipped with CentOS3/RHEL3 is 
>somewhat antiquated, and the SQL plugin support pretty clunky.
>

That was the main problem: use the default cyrus-sasl is ... impossible
(in RHAS3),
you need to modify your system with non-standard rpms so in a certain
way you "break" your RHAS3 compilance.

>  I'd 
>strongly recommend that if you're using Cyrus software on RHEL3 or 
>smilar, you should download Simon Mattar's Cyrus SRPMs:
>
>http://www.invoca.ch/pub/packages/cyrus-sasl/
>http://www.invoca.ch/pub/packages/cyrus-imapd/
>
>Late in the SASL 2.1.x branch, support for both MySQL and Postgresql 
>was shifted to a single sql plugin which allows for specific backend 
>configuration in the sasl.conf files.
>
>  
>
I will try it soon.

Thanks