[Dovecot] [patch] gssapi support

Timo Sirainen tss at iki.fi
Mon Jul 12 19:04:17 EEST 2004


On Mon, 2004-07-12 at 18:49, Colin Walters wrote:
> Is there a more elegant way to do it?  The buffer API doesn't have a way
> to reserve bytes, and I was worried about alignment issues with the
> cast-to-uint32_t approach.

buffer_get_space_unsafe() and buffer_append_space_unsafe() maybe? Or I'd
do it by first converting the integer to network byte order, then
buffer_append(buf, &num, sizeof(num)). There are macros for that in
lib/byteorder.h.

> > I was mostly thinking about things which don't exist yet. Such as
> > there's already a Postfix patch to authenticate from dovecot-auth, would
> > it make sense to add integrity proxy to it?
> 
> Ah...maybe.  Postfix already has its own SASL implementation, so the
> Postfix patch could be extended to be able to receive an exported GSS
> context and do its own integrity/confidentiality protection in the smtpd
> process.  I guess it would be possible to have dovecot-auth do the
> integrity protection proxying itself in the same way imap-login does
> now, but given that Postfix has its own SASL it probably makes more
> sense to give control back to that.

Postfix uses the Cyrus SASL library to do all the SASL stuff (well, except
parsing the SMTP commands of course). I replaced that completely with my
patch (http://dovecot.org/patches/postfix/).

Anyway, Postfix didn't do integrity protection with the Cyrus library either
even though it supported it. Also I was thinking about modifying my
patch some day to use only Postfix's internal functions since all it
really needs is some simple UNIX socket talking. So I guess integrity
proxy might as well be in login-common.
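
An added example, not part of the original message and not Dovecot's code: the second approach suggested above (convert the integer to network byte order, then append its bytes) applied to a length-prefixed record, with a reader that copies the prefix out with memcpy instead of casting to uint32_t. `struct demo_buf`, `demo_buf_append`, `frame_append` and `frame_read` are hypothetical stand-ins, not Dovecot's buffer API, and the 4-byte length prefix is an assumed record layout.

```c
#include <arpa/inet.h>  /* htonl(), ntohl() */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical fixed-capacity buffer standing in for a real buffer type. */
struct demo_buf {
    unsigned char data[64];
    size_t used;
};

/* Append len bytes; returns 0 on success, -1 if they would not fit. */
static int demo_buf_append(struct demo_buf *buf, const void *src, size_t len)
{
    if (len > sizeof(buf->data) - buf->used)
        return -1;
    memcpy(buf->data + buf->used, src, len);
    buf->used += len;
    return 0;
}

/* Append a 4-byte network-order length followed by the payload. */
static int frame_append(struct demo_buf *buf, const void *payload, uint32_t len)
{
    uint32_t num = htonl(len);   /* convert first, then append the raw bytes */
    size_t start = buf->used;
    if (demo_buf_append(buf, &num, sizeof(num)) < 0 ||
        demo_buf_append(buf, payload, len) < 0) {
        buf->used = start;       /* roll back so no partial frame is left */
        return -1;
    }
    return 0;
}

/* Read the frame at byte offset off; returns payload length or -1 if truncated. */
static long frame_read(const struct demo_buf *buf, size_t off,
                       const unsigned char **payload)
{
    uint32_t num;
    if (off > buf->used || buf->used - off < sizeof(num))
        return -1;
    memcpy(&num, buf->data + off, sizeof(num)); /* safe at any alignment */
    num = ntohl(num);
    if (num > buf->used - off - sizeof(num))    /* claimed length exceeds data */
        return -1;
    *payload = buf->data + off + sizeof(num);
    return (long)num;
}
```

Because both directions go through memcpy, the prefix can sit at an odd offset in the buffer without an unaligned 32-bit load or store, and the reader rejects a length that claims more bytes than the buffer holds.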
