Hi all,
Apologies for the somewhat off-topic questions - I'm trying to get my head around SASL, and what it is/does.
I can see that a (SMTP, IMAP etc) server can offer various authentication methods, which are pre-defined and which the client can choose from. SASL then seems to define how those work.
But dovecot and cyrus-sasl both seem to offer a client-server interface, usable by eg postfix, which I don't see any reference to in SASL summaries online.
Is that a standard interface? ie can a client like postfix talk to either dovecot or cyrus without knowing the difference? Are there others?
Is there a good reference to this somewhere, short of reading the RFCs?
And is there any option (current or proposed) to let dovecot act as a client, rather than a server?
Thanks, Richard
On 21 Aug 2020, at 01:05, Richard Hector richard@walnut.gen.nz wrote:
Is that a standard interface? ie can a client like postfix talk to either dovecot or cyrus without knowing the difference?
Yes. Postfix does not care, though I find it is easier to setup and more reliable to use dovecot (I've used both, YMMV).
Are there others?
Those are the only two I have used. If there are others I've not seen them mentioned on the postfix list that I can recall.
Is there a good reference to this somewhere, short of reading the RFCs?
The best bet is
1) get a real cert.
2) copy and existing configuration
And is there any option (current or proposed) to let dovecot act as a client, rather than a server?
A client for…?
-- Tina... homecoming is spelled c *O* m
On 21/08/20 7:15 pm, @lbutlr wrote:
On 21 Aug 2020, at 01:05, Richard Hector richard@walnut.gen.nz wrote:
Is that a standard interface? ie can a client like postfix talk to either dovecot or cyrus without knowing the difference?
Yes. Postfix does not care, though I find it is easier to setup and more reliable to use dovecot (I've used both, YMMV).
Thanks - is there documentation of this protocol somewhere? Though having just now had another look at the Postfix SASL_README, it appears it needs support for each compiled in, suggesting there are differences?
Are there others?
Those are the only two I have used. If there are others I've not seen them mentioned on the postfix list that I can recall.
Postfix, AFAICS, only supports the two - but I've seen references for IRC servers talking to an irc services server called anope, which provides SASL somehow?
Is there a good reference to this somewhere, short of reading the RFCs?
The best bet is
- get a real cert.
- copy and existing configuration
I'm not following - I'm not sure we're on the same page :-( I already have Postfix (with a Letsencrypt cert) using Dovecot SASL (Dovecot also uses the same cert) Or are you talking about some other kind of cert? And are you talking about the Postfix and/or Dovecot config?
And is there any option (current or proposed) to let dovecot act as a client, rather than a server?
A client for…?
A SASL client - so eg Dovecot and Postfix could both talk to the same Cyrus (or other - even another Dovecot) SASL server. One reason might be to use password hash algorithms that Dovecot doesn't know about.
Cheers, Richard
participants (2)
-
@lbutlr
-
Richard Hector