On Tue, Jan 20, 2009 at 08:43:58PM +0100, mouss wrote:
> It looks like he wants postfix/smtp to authenticate to the final server
> using the auth infos that were given to postfix/smtpd. This is a bit
> complex as it means storing the authentication infos somewhere and that
> authentication can be "replayed".
This is not how SASL works, it is an interactive protocol, in many
mechanisms the server cannot effectively replay the client side of the
protocol. What can work is proxying the protocol, though with GSSAPI
the target server needs to have keys for the original server's Kerberos
principal.
It is certainly possible to design a SASL plugin that proxies to another
server, or a new Postfix-SASL type that does the same. The "rimap" SASL
plugin is an example of what's possible.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
