Good evening from Germany. Please excuse the late reply, it is midsummer here and i spend as much time as possible on the outside (mostly bicycling). (And just one more day, then the weather will change and it will be 10 degrees colder.)
Wietse Venema wrote in
<4bxstk189nzj...@spike.porcupine.org>:
|Steffen Nurpmeso:
|> Wietse Venema wrote in
|> <4bwxll093mzj...@spike.porcupine.org>:
|>|Steffen Nurpmeso:
|>|> I have no idea of the inner sensitivities of postfix, but i do not
|>|> understand where the problem lies. Why does postfix "wave
|>|> through" the SASL offering of EXTERNAL when it does not support
|>|> it? (I have no idea of SASL library interfaces.)
|>|
|>|Short summary: Postfix does not implement a single iota of SASL
|>|AUTH support. Postfix simply propagates the names of mechanisms
|>|that the backend (Cyrus or Dovecot) claims to support, and Postfix
...
|>|If Dovecot claims to support SASL EXTERNAL but does not handle it,
|>|that that is a bit of a WTF.
|>
|> I see. So postfix sees the AUTH and then switches to SASL
|> inclusive the immediate response and henceforth yields everything
|> until SASL says it is done?!. How could EXTERNAL ever work like
|> that in a client/server->auth-server situation?
|
|There's a chicken and egg question in there somewhere.
|
|https://wiki1.dovecot.org/Authentication%20Protocol mentions
|two attributes that might be relevant, and that Postfix can send:
|
|secured
|    Remote user has secured transport to auth client] (eg. localhost, \
|    SSL, TLS)
|
|valid-client-cert
|    Remote user has presented a valid SSL certificate.
|
|But these are booleans. What protocol attribute would Postfix use
|to pass certificate name information (and which name, as there
|can be any number of them)?

So in the meantime i had posted to dovecot. I have not looked at the dovecot SASL wiki entry. So it seems postfix's SASL support can be improved a bit. And, well, i think for EXTERNAL there has to be user name as an immediate response, so this would be that. I would like to look into this tomorrow or on Saturday, maybe i can produce a patch that adds the above keywords to the postfix/dovecot SASL interaction?

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
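
The exchange discussed above, as an added example that is not part of the original message and is neither Postfix nor Dovecot code: it builds and parses an auth-client `AUTH` request line carrying the two quoted attributes, showing that they travel as valueless flags and carry no certificate name. The tab-separated layout with `resp=` last is assumed from the linked Authentication Protocol page, and the function names and the identity `user@example.org` are constructed for illustration.

```python
import base64

def _field(value):
    # TAB and line breaks delimit fields and requests, so a value that
    # contains one could smuggle in an extra flag such as "secured".
    if any(c in value for c in "\t\r\n"):
        raise ValueError("delimiter character in field: %r" % value)
    return value

def build_auth_request(req_id, mechanism, service, initial_response=None,
                       secured=False, valid_client_cert=False):
    """Build one AUTH request line (layout assumed, see lead-in)."""
    fields = ["AUTH", str(int(req_id)), _field(mechanism),
              "service=" + _field(service)]
    if secured:
        fields.append("secured")            # boolean: presence only
    if valid_client_cert:
        fields.append("valid-client-cert")  # boolean: presence only
    if initial_response is not None:
        # The client's SASL initial response goes last, base64-encoded.
        fields.append("resp=" + base64.b64encode(initial_response).decode("ascii"))
    return "\t".join(fields) + "\n"

def parse_auth_request(line):
    """Split a request line into valueless flags and key=value parameters."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) < 4 or parts[0] != "AUTH":
        raise ValueError("not an AUTH request")
    req = {"id": int(parts[1]), "mechanism": parts[2],
           "flags": set(), "params": {}}
    for field in parts[3:]:
        key, sep, value = field.partition("=")  # base64 padding stays in value
        if sep:
            req["params"][key] = value
        else:
            req["flags"].add(key)
    return req

if __name__ == "__main__":
    # Constructed sample: EXTERNAL with an identity as the initial response.
    line = build_auth_request(1, "EXTERNAL", "smtp", b"user@example.org",
                              secured=True, valid_client_cert=True)
    req = parse_auth_request(line)
    print(repr(line))
    print("flags:", sorted(req["flags"]))
    print("identity claimed by client:", base64.b64decode(req["params"]["resp"]))
```

The only identity in the parsed request is the one the client itself supplied in `resp`; the flags say a valid certificate was presented but not which name it contained.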