[Dovecot] Thinking Outside the Box - Extending IMAP
Johannes Berg
johannes at sipsolutions.net
Tue May 15 12:23:32 EEST 2007
On Mon, 2007-05-14 at 11:39 -0500, Eric Rostetter wrote:
> You can setup a ssh tunnel on the server on any port. The user then
> sets up to connect to that port. The authentication can be done anyway
> you want, or not at all. We're not talking ssh logins to the server,
> we're talking ssh tunneling.
Actually, I was thinking ssh logins :)
What I was thinking is this:
* user logs in via ssh
* ssh exposes a bunch of services like sftp and doesn't expose shell
(iirc this is possible), except the service wouldn't be sftp but
'imap'
* the imap service you provide is a pre-authenticated imap session so
that authentication/encryption is in ssh. I read my mail this way all
the time.
* the ssh also provides a few other services that you can use
Yes, this'll need a new client, but no, it won't require installing
putty, it'll require adding an ssh-transport to the imap protocol in
your mail client. Evolution is capable of doing that already by a
preauth tunnel command. But you need to modify the client anyway, so
this isn't a concern.
Thus, what you get is exactly what you want: a service that provides
multiple virtual services within a single existing connection. You ought
to be able to partition users within ssh, maybe not with openssh but
surely with some other implementation, virtual users should be possible
too, there's nothing in the ssh protocol that forbids this.
Now, at this point, you might want to support imap-only clients. But
that's probably easy too, just set up *dovecot* to do the authentication
(might sound odd first) and then write a dovecot PAM module that allows
ssh to authenticate against dovecot's auth service. Trivial, really.
Then you can *also* expose plain imap (with TLS) on another port and
therefore support legacy clients.
johannes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20070515/55c5e34a/attachment.pgp
More information about the dovecot
mailing list