19 Oct
2005
19 Oct
'05
5:14 p.m.
"JV" == Jelmer Vernooij jelmer@samba.org writes:
JV> Yeah, Timo mentioned there was someone else working on a new patch
JV> when I first talked to him yesterday evening, but I already had
JV> everything working by then, except for the configuration options,
JV> so I decided to go ahead. What's the status of your patch?Similar to yours I think. Auth only working. I didn't do a keytab config var addition. I was holding off until I'd got at least a skeleton/sketch of how to put in the SASL security layer.
JV> I've focussed on authentication only for now since it keeps the
JV> patch small and readable (and thus is hopefully more easily
JV> accepted into CVS). Just authentication is sufficient for a lot of
JV> people.Agree.
JV> You'd have to export the GSS security context from the login
JV> process to the user process somehow, but that shouldn't be a
JV> problem with gss_{ex,im}port_sec_context().I've been trying to work out how to propagate the exported blob safely through the dovecot process hierarchy. I'm not entirely happy about it appearing in the process environment, for example, since that may not be private enough.