[Dovecot] SASL authentication

Timo Sirainen tss at iki.fi
Mon Nov 29 05:34:55 EET 2004 

On 20.11.2004, at 13:06, Tom Allison wrote:

> http://wiki.dovecot.org/moin.cgi/DovecotPostgresql
..
> I would very much like to migrate this into a system which supports 
> multiple domains and this Wiki seems to be the best means for that.
>
> However, I didn't use SASL authentication.  I was emotionally scarred 
> trying to use SASL with a venture with Cyrus-IMAP under different 
> circumstances.

The Postfix SASL authentication is just an extra step there if you want 
to do SMTP authentication. It's not used for anything else.

> Could someone explain why SASL is a good thing in this case?
> Does it allow for something more, lead into future developements?
> Most of the rest of this general paper I do understand, but the SASL 
> is the only part where I'm not sure if I must do that, want to do 
> that, or can live without it.

I guess I should put some SASL page to Wiki as well explaining what it 
is, since people often confuse it with Cyrus SASL implementation..

SASL itself is nothing more than a list of requirements for 
authentication mechanisms (eg. plaintext, Kerberos) and Internet 
protocols to be SASL-compatible. IMAP, POP3 and SMTP all have support 
for SASL.

Then there are the implementations. Cyrus SASL is the currently 
ubiquitous SASL library used by pretty much everyone. Dovecot however 
has it's own SASL implementation. It will most likely be separated from 
rest of Dovecot code at some point and offered as standalone 
implementation to be used by SMTP servers and whatever else.

But I guess what you really want to know is if you should install Cyrus 
SASL for Postfix. The only reason to do that is if you need SMTP 
authentication, ie. you want to be able to send mails outside some 
trusted network segment without turning your SMTP server into open 
proxy, and without using some kludgy pop-before-smtp method.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20041129/8ce89b13/attachment-0001.bin>

More information about the dovecot mailing list