[Dovecot] SASL authentication
I was browsing the wiki and found a section on what appears to be as close to "exactly what I'm looking for" as I've seen in a long time.
http://wiki.dovecot.org/moin.cgi/DovecotPostgresql
However, I'm not inclined to do very much "blind" configuration on my machines without first understanding the what/why of it all. My theory is that this helps me with the RTFM syndromes later. Hopefully.
My current dovecot installation is based on pgsql authentication with a single domain and files being placed in a $HOME. It's as if it were /etc/passwd based, but the passwords are different.
I would very much like to migrate this into a system which supports multiple domains and this Wiki seems to be the best means for that.
However, I didn't use SASL authentication. I was emotionally scarred trying to use SASL with a venture with Cyrus-IMAP under different circumstances.
Could someone explain why SASL is a good thing in this case? Does it allow for something more, lead into future developements? Most of the rest of this general paper I do understand, but the SASL is the only part where I'm not sure if I must do that, want to do that, or can live without it.
On 20.11.2004, at 13:06, Tom Allison wrote:
http://wiki.dovecot.org/moin.cgi/DovecotPostgresql .. I would very much like to migrate this into a system which supports multiple domains and this Wiki seems to be the best means for that.
However, I didn't use SASL authentication. I was emotionally scarred trying to use SASL with a venture with Cyrus-IMAP under different circumstances.
The Postfix SASL authentication is just an extra step there if you want to do SMTP authentication. It's not used for anything else.
Could someone explain why SASL is a good thing in this case? Does it allow for something more, lead into future developements? Most of the rest of this general paper I do understand, but the SASL is the only part where I'm not sure if I must do that, want to do that, or can live without it.
I guess I should put some SASL page to Wiki as well explaining what it is, since people often confuse it with Cyrus SASL implementation..
SASL itself is nothing more than a list of requirements for authentication mechanisms (eg. plaintext, Kerberos) and Internet protocols to be SASL-compatible. IMAP, POP3 and SMTP all have support for SASL.
Then there are the implementations. Cyrus SASL is the currently ubiquitous SASL library used by pretty much everyone. Dovecot however has it's own SASL implementation. It will most likely be separated from rest of Dovecot code at some point and offered as standalone implementation to be used by SMTP servers and whatever else.
But I guess what you really want to know is if you should install Cyrus SASL for Postfix. The only reason to do that is if you need SMTP authentication, ie. you want to be able to send mails outside some trusted network segment without turning your SMTP server into open proxy, and without using some kludgy pop-before-smtp method.
participants (2)
-
Timo Sirainen
-
Tom Allison