Feature Request: Redis support for username and TLS

[Mark Moseley]

I was wondering if there was any imminent support in 2.3.12+ for using a
username to log into Redis, as well as support for using TLS to connect to
Redis. And if not, I'd like to put in a feature request for those two
things (AUTH with username/password, and TLS connections to Redis).

Specifically, I was looking at using a username/password combo to log into
Redis for the quota_clone plugin. I found the 'password' param in the
source (not documented at https://wiki.dovecot.org/Dictionary). There's no
'username' param (the 'username' in the source seems to refer to the
mailbox, for the purpose of building the key name).

Redis 6 supports authenticating with a username and password, as well as
the ability to listen on a TLS-enabled port. Both of these significantly
improve security, combined with the new ACL system.

Obviously, these Redis 6 features are brand new, so I'd be shocked if they
were already supported. But it'd be awesome if those were added to Dovecot
:)

Currently, I've got a localhost Envoy proxy doing TCP proxying from
localhost+non-TLS to my Redis TLS port, which is a kludge at best. There's
a neat Envoy Redis proxy that *almost* does the trick but the Envoy Redis
proxy unfortunately doesn't support MULTI/EXEC, which Dovecot quota_clone
uses, or I'd be using that instead of a plain TCP proxy (since the Envoy
Redis proxy can use a username/password+tls to connect to the upstream
Redis).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20201103/a62d4b7c/attachment.html>