Hi all, I seem to recall mention of SASL client support either being added, but can't remember for sure. The wiki says nothing about Client support (now, or in the future)... http://wiki2.dovecot.org/Sasl So - is there support for it now? If not, is it planned for anytime soon? Thanks, -- Best regards, Charles
Am 08.01.2013 14:40, schrieb Charles Marcus:> Hi all, > > I seem to recall mention of SASL client support either being added, but can't remember for sure. The wiki says > nothing about Client support (now, or in the future)... > > http://wiki2.dovecot.org/Sasl > > So - is there support for it now? If not, is it planned for anytime soon?what exactly are you missing? * dovecot can be used from postfix to replace cyrus sasl you even linked the documentation http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL * dovecot supports authentication for POP3/IMAP so hich sort fo "client support" are you missing? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 261 bytes Desc: OpenPGP digital signature URL: <http://dovecot.org/pipermail/dovecot/attachments/20130108/53413619/attachment-0004.bin>
On 2013-01-08 8:46 AM, Reindl Harald <h.reindl at thelounge.net> wrote:> > Am 08.01.2013 14:40, schrieb Charles Marcus: >> Hi all, >> >> I seem to recall mention of SASL client support either being added, but can't remember for sure. The wiki says >> nothing about Client support (now, or in the future)... >> >> http://wiki2.dovecot.org/Sasl >> >> So - is there support for it now? If not, is it planned for anytime soon? > what exactly are you missing? > > * dovecot can be used from postfix to replace cyrus sasl > you even linked the documentation > http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL > * dovecot supports authentication for POP3/IMAP > > so hich sort fo "client support" are you missing?CLIENT support... do you not understand the difference? http://www.postfix.org/SASL_README.html#client_sasl So that postfix can use dovecot-sasl for remotely authenticating against another SMTP server, ie, for secure relays... -- Best regards, Charles
On 8.1.2013, at 15.40, Charles Marcus <CMarcus at Media-Brokers.com> wrote:> I seem to recall mention of SASL client support either being added, but can't remember for sure. The wiki says nothing about Client support (now, or in the future)... > > http://wiki2.dovecot.org/Sasl > > So - is there support for it now? If not, is it planned for anytime soon?There are a few uses for client-side SASL in Dovecot: * Proxying to IMAP/POP3 backend server * imapc/pop3c backends connecting to remote IMAP/POP3 server * doveadm connecting to doveadm-server * doveadm command to verify/debug that SASL authentication Dovecot already implements client-side PLAIN SASL mechanism for the first three cases. Each one implements it separately, but since that doesn't really matter since the code is so simple. I guess at some point that code could be moved to a library and other mechanisms implemented for them, although that makes the code more complex since other mechanisms can require multiple roundtrips to server instead of just one like PLAIN. Also people have been happy enough with only PLAIN authentication for these cases for now. Then there's the whole other question of whether that client side SASL code could be exported to a separate library, possibly even API compatible with Cyrus SASL. I think that's unlikely to happen, especially because the code most likely would require libdovecot.so, which isn't really meant to be linked against non-Dovecot software. Probably an easier way to get rid of Cyrus SASL client code would be to move to GNU SASL.