On 8.1.2013, at 15.40, Charles Marcus CMarcus@Media-Brokers.com wrote:
I seem to recall mention of SASL client support either being added, but can't remember for sure. The wiki says nothing about Client support (now, or in the future)...
So - is there support for it now? If not, is it planned for anytime soon?
There are a few uses for client-side SASL in Dovecot:
- Proxying to IMAP/POP3 backend server
- imapc/pop3c backends connecting to remote IMAP/POP3 server
- doveadm connecting to doveadm-server
- doveadm command to verify/debug that SASL authentication
Dovecot already implements client-side PLAIN SASL mechanism for the first three cases. Each one implements it separately, but since that doesn't really matter since the code is so simple. I guess at some point that code could be moved to a library and other mechanisms implemented for them, although that makes the code more complex since other mechanisms can require multiple roundtrips to server instead of just one like PLAIN. Also people have been happy enough with only PLAIN authentication for these cases for now.
Then there's the whole other question of whether that client side SASL code could be exported to a separate library, possibly even API compatible with Cyrus SASL. I think that's unlikely to happen, especially because the code most likely would require libdovecot.so, which isn't really meant to be linked against non-Dovecot software. Probably an easier way to get rid of Cyrus SASL client code would be to move to GNU SASL.