Hi, I've been working on a patch for GSSAPI (Kerberos) support. It seems to work pretty well for authentication (I've tested it with Evolution, fetchmail, and mutt). I have also been working on implementing integrity/confidentiality protection. Unfortunately not many clients support this - the only one I've found really is mutt, which seems to disconnect from the server for some unknown reason not long after a Kerberos-secured conversation. I'm still trying to track that down. But anyways the patch is far along enough that I think it's worthy of review and testing. Some todo items: 0) Track down bug preventing mutt from working 1) Audit integrity proxy a bit more 2) Make sure we're handling mechanisms other than Kerberos 3) Test with more clients -------------- next part -------------- A non-text attachment was scrubbed... Name: dovecot-gssapi.patch Type: text/x-patch Size: 51902 bytes Desc: not available URL: <http://dovecot.org/pipermail/dovecot/attachments/20040712/54e394d8/attachment-0002.bin> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20040712/54e394d8/attachment-0003.bin>
On Mon, 2004-07-12 at 17:20, Colin Walters wrote:> I've been working on a patch for GSSAPI (Kerberos) support. It seems to > work pretty well for authentication (I've tested it with Evolution, > fetchmail, and mutt). I have also been working on implementing > integrity/confidentiality protection. Unfortunately not many clients > support this - the only one I've found really is mutt, which seems to > disconnect from the server for some unknown reason not long after a > Kerberos-secured conversation. I'm still trying to track that down. > > But anyways the patch is far along enough that I think it's worthy of > review and testing.Thanks, I took a quick look through and it looked good. Integrity proxy should perhaps be moved into lib-auth in case it gets useful for other things than login process. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20040712/7accc074/attachment-0001.bin>