RE: smtpd_sasl_security_options clarification

2016-07-12 Thread Michael Fox
> Yes, again from the quote from Wietse that you snipped out:
>
> > Dovecot tells Postfix the supported mechanism names and their
> > security properties.

O.K. Thanks. I read but did not understand the quote above. Your explanation was clearer and I understood it the first time. Thanks again,

Re: smtpd_sasl_security_options clarification

2016-07-12 Thread Peter
On 13/07/16 16:30, Michael Fox wrote:
> Ah. So you're saying that for each auth mechanism configured in the SASL
> implementation (dovecot in my case), the SASL implementation is sending
> Postfix a tuple which includes the mechanism name and which categories it
> fits into, rather than Postfix ke

RE: smtpd_sasl_security_options clarification

2016-07-12 Thread Michael Fox
> > I think the actual security features list is dependant on the SASL
> > implementation, and which mechs satisfy each security feature is defined
> > in cyrus and dovecot sasl.

Ah. So you're saying that for each auth mechanism configured in the SASL implementation (dovecot in my case), the

Re: smtpd_sasl_security_options clarification

2016-07-12 Thread Peter
On 13/07/16 15:56, Peter wrote:
> On 13/07/16 15:38, Michael Fox wrote:
>> Thanks. But again, the question is *NOT* about the terminology or the
>> general meaning or definition of the categories. The question is
>> specifically asking which authentication mechanisms Postfix places in those
>> ca

Re: smtpd_sasl_security_options clarification

2016-07-12 Thread Peter
On 13/07/16 15:38, Michael Fox wrote:
> Thanks. But again, the question is *NOT* about the terminology or the
> general meaning or definition of the categories. The question is
> specifically asking which authentication mechanisms Postfix places in those
> categories.

I think the actual security

RE: smtpd_sasl_security_options clarification

2016-07-12 Thread Michael Fox
> This is standard terminology, and therefore not defined in either
> Postfix or SASL RFC.
>
> Active network attack: an attacker modifies the communication between
> parties.
>
> Mutual authentication: each party authenticates to the other party.

Thanks. But again, the question is *NOT* abo

Re: smtpd_sasl_security_options clarification

2016-07-12 Thread Wietse Venema
Wietse:
> > You can find out about SASL active etc. attacks in RFC 4422
> > https://tools.ietf.org/html/rfc4422
>
Michael Fox:
> Thanks. Yes, that describes the attack categories. But it doesn't answer
> the above question. Is the categorization documented somewhere? If not,
> how are we to kn

RE: smtpd_sasl_security_options clarification

2016-07-11 Thread Michael Fox
> In other words, how do I know which mechanisms will be > > disallowed with "noactive" or "nodictionary" or allowed by > "forward_secrecy" > > or "mutual_auth"? I'm unable to connect the dots. > > You can find out about SASL active etc. attacks in RFC 4422 > https://tools.ietf.org/html/rfc4422 >

Re: smtpd_sasl_security_options clarification

2016-07-11 Thread Wietse Venema
Wietse:
> Dovecot tells Postfix the supported mechanism names and their
> security properties. Postfix intersects that with the main.cf
> settings, and announces the mechanisms that remain.

Michael Fox:
> O.K. Thanks.
>
> Can be more specific about which SASL mechanisms are allowed or disallow

RE: smtpd_sasl_security_options clarification

2016-07-11 Thread Michael Fox
> Michael Fox:
> > http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options says "the
> > following security features are defined for the cyrus server .". Dovecot is
> > not mentioned. So, is it correct to interpret this to mean that this
> > postfix setting is a noop when dovecot

Re: smtpd_sasl_security_options clarification

2016-07-11 Thread Wietse Venema
Michael Fox:
> http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options says "the
> following security features are defined for the cyrus server .". Dovecot is
> not mentioned. So, is it correct to interpret this to mean that this
> postfix setting is a noop when dovecot is used for sas

smtpd_sasl_security_options clarification

2016-07-11 Thread Michael Fox
http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options says "the following security features are defined for the cyrus server .". Dovecot is not mentioned. So, is it correct to interpret this to mean that this postfix setting is a noop when dovecot is used for sasl authentication?