[Dovecot] [PATCH] Support for GSSAPI SASL Mechanism
pod at herald.ox.ac.uk
pod at herald.ox.ac.uk
Wed Oct 19 16:11:14 EEST 2005
>>>>> "JV" == Jelmer Vernooij <jelmer at samba.org> writes:
JV> Attached is a patch against current CVS that adds support for the
JV> GSSAPI SASL mechanism. It was written from scratch, after reading
JV> the patch from Colin Walters against a much older version of
JV> dovecot.
I too have been working on getting a working GSSAPI patch against current
CVS and have taken a similar approach.
Any idea if this is going to make it's way into CVS?
I notice that its auth only and you don't have any SASL security layer
integrity or protection stuff, same as DIGEST-MD5. This is the point
which I've got to and have been considering how to implement the
'integrity-proxy' (name coined from the Colin Walters patch) part of
things. Work on this would have implications for mech-digest-md5.c as
well.
Want to discuss ideas?
Timo, do you have any ideas on a good way to implement this?
I have been considering:
- start up two pipe connected processes, a network filter and
libexec/dovecot/imap, the filter does the gss_wrap, gss_unwrap etc
- create a io library filter layer
- keep the imap-login process around but have it re-exec as the filter
(would be running as login_user, probably not ideal)
More information about the dovecot
mailing list