[pfx] Re: SASL options

2024-12-22 Thread Alexander Leidinger via Postfix-users
On 2024-12-22 01:39, Peter via Postfix-users wrote: On 22/12/24 02:54, Michael Tokarev via Postfix-users wrote: However, there are other mechanisms being developed, for example OAUTH2, which, in terms of Cyrus SASL, does not work with saslauthd at all, I don't see why it wouldn't. so ne

[pfx] Re: SASL options

2024-12-22 Thread Peter via Postfix-users
On 22/12/24 23:22, Michael Tokarev via Postfix-users wrote: Cyrus SASL is a separate thing in people's minds because it is a separate, independent library/subsystem.  You can install a separate package named this way.  But in Dovecot it is an integral part of a larger system, it is not viewed like

[pfx] Re: SASL options

2024-12-22 Thread Michael Tokarev via Postfix-users
22.12.2024 13:13, Tomasz Pala via Postfix-users wrote: Well, Cyrus is also not SASL-only... https://doc.dovecot.org/2.3/admin_manual/sasl/ is what I mean. Cyrus SASL is a separate thing in people's minds because it is a separate, independent library/subsystem. You can install a separate packag

[pfx] Re: SASL options

2024-12-22 Thread Tomasz Pala via Postfix-users
On 2024-12-22 07:53, Michael Tokarev via Postfix-users wrote: > > It is not true for you, but not for most others who treat dovecot like > a mailbox storage/access solution (IMAP/POP/etc). Sure it is capable > to provide just the auth part, it's just not what people think about it. Well, Cyrus i

[pfx] Re: SASL options

2024-12-22 Thread Michael Tokarev via Postfix-users
22.12.2024 11:53, Peter via Postfix-users wrote: On 22/12/24 19:53, Michael Tokarev via Postfix-users wrote: However, there are other mechanisms being developed, for example OAUTH2, which, in terms of Cyrus SASL, does not work with saslauthd at all, I don't see why it wouldn't. saslauthd h

[pfx] Re: SASL options

2024-12-22 Thread Tomasz Pala via Postfix-users
On 2024-12-22 01:42, Peter via Postfix-users wrote: >> >> What's worth mentioning is that PLAIN/LOGIN also requires cleartext >> password storage - on the client side. > > This is not entirely true. It is possible for a client to store > passwords in an encrypted db which is decrypted with its o

[pfx] Re: SASL options

2024-12-22 Thread Michael Tokarev via Postfix-users
22.12.2024 11:53, Peter via Postfix-users wrote: [people treat dovecot sasl as part of dovecot] I realize that, but it's fairly easy to implement and easy to configure dovecot to only provide the SASL backend plus it does appear to be the most comprehensive, easiest to implement solution for SA

[pfx] Re: SASL options

2024-12-22 Thread Peter via Postfix-users
On 22/12/24 19:53, Michael Tokarev via Postfix-users wrote: 22.12.2024 03:39, Peter via Postfix-users wrote: On 22/12/24 02:54, Michael Tokarev via Postfix-users wrote: However, there are other mechanisms being developed, for example OAUTH2, which, in terms of Cyrus SASL, does not work with sa

[pfx] Re: SASL options

2024-12-21 Thread Michael Tokarev via Postfix-users
22.12.2024 03:39, Peter via Postfix-users wrote: On 22/12/24 02:54, Michael Tokarev via Postfix-users wrote: However, there are other mechanisms being developed, for example OAUTH2, which, in terms of Cyrus SASL, does not work with saslauthd at all, I don't see why it wouldn't. saslauthd ha

[pfx] Re: SASL options

2024-12-21 Thread Peter via Postfix-users
On 22/12/24 03:19, Tomasz Pala via Postfix-users wrote: What's worth mentioning is that PLAIN/LOGIN also requires cleartext password storage - on the client side. This is not entirely true. It is possible for a client to store passwords in an encrypted db which is decrypted with its own pass

[pfx] Re: SASL options

2024-12-21 Thread Peter via Postfix-users
On 22/12/24 02:54, Michael Tokarev via Postfix-users wrote: However, there are other mechanisms being developed, for example OAUTH2, which, in terms of Cyrus SASL, does not work with saslauthd at all, I don't see why it wouldn't. so needs direct integration within postfix in a form of plugin

[pfx] Re: SASL options

2024-12-21 Thread Michael Tokarev via Postfix-users
21.12.2024 19:51, Wietse Venema via Postfix-users wrote: Michael Tokarev via Postfix-users: I have still yet to see the reason for this, besides a statement "chroot is painless for freebsd but for linux is unsupportable", which is nothing but a big old myth, since the two work the same. That is a

[pfx] Re: SASL options

2024-12-21 Thread Wietse Venema via Postfix-users
Michael Tokarev via Postfix-users: > I have still yet to see the reason for this, besides a statement "chroot is > painless for freebsd but for linux is unsupportable", which is nothing > but a big old myth, since the two work the same. That is a myth, because we already discussed that glibc needs fil

[pfx] Re: SASL options

2024-12-21 Thread Michael Tokarev via Postfix-users
21.12.2024 18:31, Wietse Venema via Postfix-users wrote: Michael Tokarev via Postfix-users: It *feels* like postfix needs some separation of this sasl stuff into its own process somehow, similar to how proxymap is done, so that eg cyrus sasl code is not linked directly into smtp[d] with all it

[pfx] Re: SASL options

2024-12-21 Thread Wietse Venema via Postfix-users
Michael Tokarev via Postfix-users: > There's nothing in the docs saying if dovecot sasl can work with > non-plaintext mechanisms. In almost all docs and examples I've > found, dovecot side of the config is configured with > "auth_mechanisms = plain login". There are some vague references > to usa

[pfx] Re: SASL options

2024-12-21 Thread Tomasz Pala via Postfix-users
On 2024-12-21 14:54, Michael Tokarev via Postfix-users wrote: > > cleartext password (storage) is required for many SASL mechanisms other > than PLAIN. And none of these mechanisms work with -a pam or with [...] > However, there are other mechanisms being developed, for example OAUTH2, What's wor

[pfx] Re: SASL options

2024-12-21 Thread Michael Tokarev via Postfix-users
21.12.2024 16:16, Viktor Dukhovni via Postfix-users wrote: On Sat, Dec 21, 2024 at 01:51:46PM +0300, Michael Tokarev via Postfix-users wrote: ... As far as I can see, Cyrus SASL can work with plaintext methods using saslauthd (which has very simple username,password => ok|bad protocol), and ca

[pfx] Re: SASL options

2024-12-21 Thread Tomasz Pala via Postfix-users
On 2024-12-21 11:51, Michael Tokarev via Postfix-users wrote: > > We've basically two big kinds of SASL mechanisms: plaintext > (which are login and plain) and non-plaintext (everything else). [...] > There's nothing in the docs saying if dovecot sasl can work with > non-plaintext mechanisms. In

[pfx] Re: SASL options

2024-12-21 Thread Viktor Dukhovni via Postfix-users
On Sat, Dec 21, 2024 at 01:51:46PM +0300, Michael Tokarev via Postfix-users wrote: > Hi! > > I'm trying to get a "big picture" about how postfix works with > various SASL options. It looks like there's a big overview > missing in the docs somehow. > > We've basically two big kinds of SASL mecha