[Dovecot] [PATCH] Support for GSSAPI SASL Mechanism

pod at herald.ox.ac.uk pod at herald.ox.ac.uk
Wed Oct 19 17:14:59 EEST 2005


>>>>> "JV" == Jelmer Vernooij <jelmer at samba.org> writes:

    JV> Yeah, Timo mentioned there was someone else working on a new patch
    JV> when I first talked to him yesterday evening, but I already had
    JV> everything working by then, except for the configuration options,
    JV> so I decided to go ahead. What's the status of your patch?

Similar to yours I think.  Auth only working.  I didn't do a keytab config
var addition.  I was holding off until I'd got at least a skeleton/sketch
of how to put in the SASL security layer.

    JV> I've focussed on authentication only for now since it keeps the
    JV> patch small and readable (and thus is hopefully more easily
    JV> accepted into CVS). Just authentication is sufficient for a lot of
    JV> people.

Agree.

    JV> You'd have to export the GSS security context from the login
    JV> process to the user process somehow, but that shouldn't be a
    JV> problem with gss_{ex,im}port_sec_context().

I've been trying to work out how to propagate the exported blob safely
through the dovecot process hierarchy.  I'm not entirely happy about it
appearing in the process environment, for example, since that may not be
private enough.


More information about the dovecot mailing list