On 22/12/24 23:22, Michael Tokarev via Postfix-users wrote:

> Cyrus SASL is a separate thing in people's minds because it is a
> separate, independent library/subsystem.  You can install a separate
> package named this way.  But in Dovecot it is an integral part of a
> larger system, it is not viewed like something which can be used
> separately.

Right and it's used this way for client AUTH in postfix.

> This is why Cyrus SASL almost always becomes the first choice,

I disagree. The reason cyrus is usually implemented is for historical reasons; I'll explain with a brief history:

Cyrus SASL was implemented in postfix first and it wasn't until some years later that dovecot SASL was offered.

During this time a number of internet tutorials were written that showed how to use postfix with cyrus SASL, some even showing that you can use cyrus SASL with the rimap database type to query another IMAP server (e.g. dovecot) to check the authentication.

A number of people followed these tutorials to implement postfix with dovecot using cyrus SASL as a go-between for AUTH.

Many of these tutorials still exist on the internet today, and people still follow them, even though it's completely unnecessary to use Cyrus SASL in combination with dovecot. There have even been some new tutorials that are *still* written that follow these guidelines.

People still use Cyrus a lot because either (1) they always did before and it works or (2) they followed some outdated tutorial which told them to do so.

...and so the cycle goes. Now here education is the key: we need to be vigilant in getting the word out that dovecot can interface directly to postfix as a SASL backend whether or not it's used for IMAP service.

> - "but I don't currently use Dovecot so it must be Cyrus SASL".

Right, this also happens, but I don't think it's the main reason why people use cyrus still. Even so I think that education is the key here as well.

I mentioned libgsasl in another email, that could be helpful. It is a library SASL implementation which means that postfix can be directly linked (similar to the cyrus SASL libs) and offer this type of SASL directly. I don't know if it's worth the trouble of implementing, but it would seem to be at least close to what you're asking for which is why I mentioned it.


Peter

_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org