Feature Request: Redis support for username and TLS
I was wondering if there was any imminent support in 2.3.12+ for using a username to log into Redis, as well as support for using TLS to connect to Redis. And if not, I'd like to put in a feature request for those two things (AUTH with username/password, and TLS connections to Redis).
Specifically, I was looking at using a username/password combo to log into Redis for the quota_clone plugin. I found the 'password' param in the source (not documented at https://wiki.dovecot.org/Dictionary). There's no 'username' param (the 'username' in the source seems to refer to the mailbox, for the purpose of building the key name).
Redis 6 supports authenticating with a username and password, as well as the ability to listen on a TLS-enabled port. Both of these significantly improve security, combined with the new ACL system.
Obviously, these Redis 6 features are brand new, so I'd be shocked if they were already supported. But it'd be awesome if those were added to Dovecot :)
Currently, I've got a localhost Envoy proxy doing TCP proxying from localhost+non-TLS to my Redis TLS port, which is a kludge at best. There's a neat Envoy Redis proxy that *almost* does the trick but the Envoy Redis proxy unfortunately doesn't support MULTI/EXEC, which Dovecot quota_clone uses, or I'd be using that instead of a plain TCP proxy (since the Envoy Redis proxy can use a username/password+tls to connect to the upstream Redis).
Mark Moseley
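The connection sequence the request above asks for (TLS to the Redis port, then the Redis 6 two-argument `AUTH`), sketched as an added example that is not part of the original post and is not Dovecot code. The function names, the credentials and the `cafile` parameter are assumptions made for illustration.

```python
import socket
import ssl


def resp_command(*args):
    """Encode a command as a RESP array of bulk strings (lengths are byte counts)."""
    parts = [b"*%d\r\n" % len(args)]
    for arg in args:
        data = arg if isinstance(arg, bytes) else str(arg).encode("utf-8")
        parts.append(b"$%d\r\n%s\r\n" % (len(data), data))
    return b"".join(parts)


def auth_command(password, username=None):
    """Redis 6 accepts AUTH <username> <password>; the older form is AUTH <password>."""
    if username is None:
        return resp_command("AUTH", password)
    return resp_command("AUTH", username, password)


def check_reply(line):
    """Return True for +OK; raise on a RESP error line such as -WRONGPASS."""
    if line.startswith(b"-"):
        raise PermissionError(line[1:].rstrip(b"\r\n").decode("utf-8", "replace"))
    return line.rstrip(b"\r\n") == b"+OK"


def open_authenticated(host, port, username, password, cafile):
    """Connect to a TLS-enabled Redis port, verify the certificate, then AUTH."""
    ctx = ssl.create_default_context(cafile=cafile)  # checks chain and hostname
    raw = socket.create_connection((host, port), timeout=5)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    try:
        reader = tls.makefile("rb")
        tls.sendall(auth_command(password, username))  # credentials only go out inside TLS
        if not check_reply(reader.readline()):
            raise ConnectionError("unexpected reply to AUTH")
    except Exception:
        tls.close()
        raise
    return tls, reader


if __name__ == "__main__":
    # Constructed credentials, only to show the bytes a client puts on the wire.
    print(auth_command("s3cret", "dovecot"))
    print(auth_command("s3cret"))
```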