[Dovecot] Postfix SASL AUTH from Dovecot
tss at iki.fi
Mon May 31 19:12:12 EEST 2004
On Mon, 2004-05-31 at 15:47, Farkas Levente wrote:
> my main question here (as always) why we need sasl at all?
> what is the main pros for sasl?
> I've never seen any good reason.
SMTP AUTH is done with SASL, so IP-address restrictions and
POP/IMAP-before-SMTP are the only alternatives.
SASL is really just a list of requirements for an authentication
mechanism to be SASL compatible. There are plaintext SASL mechanisms
(PLAIN, LOGIN) which are commonly used with SMTP authentication.
When talking about SASL library it usually does much more than just
implement the few SASL mechanisms. It has to know how to verify the
passwords and where to find user's home directory etc. dovecot-auth for
example consists of:
# user/password databases (pam, ldap, sql, ..)
~/cvs/dovecot/src/auth% wc -l db-*.c|tail -1
~/cvs/dovecot/src/auth% wc -l userdb*.c|tail -1
~/cvs/dovecot/src/auth% wc -l passdb*.c|tail -1
# password matching functions (crypt, md5, ..)
~/cvs/dovecot/src/auth% wc -l password*.c|tail -1
# sasl authentication mechanisms
~/cvs/dovecot/src/auth% wc -l mech-*.c
Only the mech-*.c files are SASL mechanism specific code. ANONYMOUS
could be done pretty much by sending username "anonymous" and empty
password. CRAM-MD5 and DIGEST-MD5 aren't really useful if SSL is being
used, except with them server never sees the plaintext password. What
could actually be very useful are Kerberos and OTP mechanisms, if
someone just implemented them.
> anyway why do you use dovecot-auth for postfix? postfix has many
> authentication mechanism for everything.
AFAIK Postfix uses only Cyrus SASL library for authentication, it hasn't
implemented anything internally and it doesn't support any other library
(and there aren't many). And Cyrus SASL was the thing I've always
It also means less configuration.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: This is a digitally signed message part
More information about the dovecot