hi,
my main question here (as always): why do we need SASL at all?
What are the main pros of SASL?
I've never seen any good reason.
Anyway, why do you use dovecot-auth for Postfix? Postfix has many
authentication mechanisms for everything.
Timo Sirainen wrote:
> Again today got annoyed at Cyrus SASL. Upgrading it to newer version had
> broken PAM support. Trying to login as "user at domain" resulted in it only
> asking for "user" from PAM. Well, got it patched and working again, but
> I'd rather not go through it all the time..
>
> So I finally did what I had been thinking about a year or so, change
> Postfix to use dovecot-auth directly. This required cleaning
> dovecot-auth quite a lot, but it seems to be working now.
>
> Actually I finally implemented support for initial SASL response as
> well. POP3's AUTH command had required support for it, strange that
> no-one ever complained about it not working.
>
> If you want to try it, you need very latest CVS version of Dovecot and
> this patch for Postfix:
>
> http://dovecot.org/patches/postfix-dovecot-auth.patch
>
> dovecot-auth can be run on its own (configuration in environment
> variables), or you can use extra_sockets auth setting which is a ':'
> separated list of UNIX sockets where to listen in. You'd probably want
> to set it to /var/spool/postfix/etc/dovecot-auth, the location is
> hardcoded to /etc/dovecot-auth in the patch for now (smtpd is chrooted).
>
> The only real problem is that Dovecot creates the dovecot-auth socket
> using 0660 root:root modes, so you have to manually chmod it to 0666 or
> fix owner/group. I guess that needs some more thinking.. Probably each
> socket should have separate settings for it, but how to do it easily in
> configuration? ..
>
> The patch has also hardcoded dovecot path in Makefile.in, you'll need to
> change that.
>
--
Levente "Si vis pacem para bellum!"
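
The socket-permission question raised in the quoted message (chmod to 0666 versus fixing owner/group), as an added example that is not part of either message nor of Dovecot or Postfix: a Python check that reports who can connect to an auth socket. The function names, the throwaway socket in a temporary directory and the client group are assumptions for illustration.

```python
import os
import socket
import stat
import tempfile


def audit_auth_socket(path, client_gid):
    """Return findings about who can connect to the UNIX socket at `path`.

    On Linux, connecting to a UNIX socket needs write permission on it.
    `client_gid` is the group the SMTP server runs under (assumed here).
    """
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return ["not a UNIX socket"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable (%04o): any local user can connect" % mode)
    if st.st_gid != client_gid:
        findings.append("group %d is not the client group %d" % (st.st_gid, client_gid))
    elif not mode & stat.S_IWGRP:
        findings.append("client group cannot connect (%04o)" % mode)
    return findings


def make_demo_socket(mode):
    """Bind a throwaway socket (constructed sample) and set its mode."""
    path = os.path.join(tempfile.mkdtemp(), "dovecot-auth")
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.bind(path)
    os.chmod(path, mode)
    return sock, path


if __name__ == "__main__":
    for mode in (0o666, 0o660, 0o600):
        sock, path = make_demo_socket(mode)
        gid = os.stat(path).st_gid  # stand-in for the postfix group
        print("%04o -> %s" % (mode, audit_auth_socket(path, gid) or "ok"))
        sock.close()
```

Mode 0660 with the socket's group set to the SMTP server's group passes cleanly, while 0666 is flagged because every local account could then talk to the authentication process.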