[Dovecot] [patch] gssapi support
Colin Walters
walters at verbum.org
Mon Jul 12 18:07:43 EEST 2004
On Mon, 2004-07-12 at 17:49 +0300, Timo Sirainen wrote:
> On Mon, 2004-07-12 at 17:20, Colin Walters wrote:
> > I've been working on a patch for GSSAPI (Kerberos) support. It seems to
> > work pretty well for authentication (I've tested it with Evolution,
> > fetchmail, and mutt). I have also been working on implementing
> > integrity/confidentiality protection. Unfortunately not many clients
> > support this - the only one I've found really is mutt, which seems to
> > disconnect from the server for some unknown reason not long after a
> > Kerberos-secured conversation. I'm still trying to track that down.
> >
> > But anyways the patch is far along enough that I think it's worthy of
> > review and testing.
>
> Thanks, I took a quick look through and it looked good.
Cool, thanks. I'd like to have it actually working with mutt before it
goes in, but if you don't see any architectural problems, that's
encouraging.
> Integrity proxy
> should perhaps be moved into lib-auth in case it gets useful for other
> things than login process.
Hm. I was modeling the integrity support after the SSL support, since
conceptually it's very similar. I'm not sure which other process would
use the integrity support? Both POP3 and IMAP define integrity and
confidentiality as starting after authentication, so it would only come
into play after the auth process was used. I don't see how master would
use it sensibly. I think it would be difficult to use from the imap
process since that runs only with user privilege, and at least Kerberos
requires access to the keytab file, which should not be readable by
regular users.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20040712/035b1875/attachment.pgp
More information about the dovecot
mailing list