With this updated Cyrus-SASL, comes with a new set of flags that should be available. When you run, for example, an MTA against SASL for AUTH, every auth plugin sasl has available, the MTA will announce as well (for example, postfix, which won't let you specifically disable auth methods directly). This comes with a slight bit of additions of sasl-authmodule flags. Because of this, at least some default auth modules need to be in the global-wide USE defaults. The SASL flags are as follows: sasl-plain - AUTH PLAIN sasl-login - AUTH LOGIN sasl-cram - AUTH CRAM-MD5 (depreciating by DIGEST-MD5) sasl-scram - AUTH SCRAM-MD5 (depreciated) sasl-digest - AUTH DIGEST-MD5 (suggested new standard) sasl-krb4 - AUTH Kerberos IV sasl-gssapi - (for extended kerberos functionality) sasl-opie - One-Time Passwords in Everything By default, I propose the first 5 of those to be added to the global use defaults, providing the same effect as the 2.1.7 ebuild, but allowing users to disable specific features, or enable others. Some more flags, for extending the SASL auth capabilities. Right now, they're experimental, and should not be enabled by default for that very reason: sasl-ldap - OpenLDAP support (experimental) sasl-mysql - MySQL support (experimental) The latter flags are global between Cyrus-SASL and Cyrus-IMAPD: cyrus-berkdb - Berkeley DB cyrus-gdbm - gdbm These two flags are for setting the default dbm format Cyrus-SASL, and Cyrus-IMAP use. Neither should be set by default, fallback is set to use berkeley just as the ebuild did to begin with.
Created attachment 3123 [details] Cyrus-SASL flag extensions. The above mentioned flags are provided here.
Correction. sasl-gssapi is MIT Kerberos V or Heimdal Kerberos V
cyrus-sasl-2.1.7-r1 has been added to portage. Please test and report back on this bug report your experience. The files should be available on rsync servers within 24 hours.
I have removed the extensive list of use flags as it is overkill for authenticator choosing. I have reverted the ebuild to install the default enabled authenticators. Things affected by use flags are now... ldap mysql berkdb static kerberos The authenticator used is chosen during configuration after install and having all default authenticators included does not increase binary or library size significantly.