Loading ...
Sorry, an error occurred while loading the content.
 

Re: The book of postfix

Expand Messages
  • Tom Allison
    ... I think Cyrus-SASL has been very useful in proving out the value of AUTHENTICATION and can go a long ways to help the configuration of roaming users (when
    Message 1 of 28 , Dec 30, 2006
      Noel Jones wrote:
      >
      >>> > I personally have found the whole SASL thing to be so
      >>> amazingly ugly
      >>> > and generally "sucky" that I would love to request something
      >>> > completely different.
      >>> Same here...
      >
      > I feel the dovecot support in postfix 2.3 nicely handles incoming
      > authentication. The dovecot authentication is very simple to setup and
      > doesn't require that you use dovecot as your pop/imap server if you like
      > something else better. Dovecot can be trivially configured to use
      > system passwords or a text file (or *sql or ldap if that floats your
      > boat. Or all simultaneously).
      >
      > Dovecot does not link into postfix (postfix just references a socket) so
      > there is no network exposure of additional code.
      >
      > So I feel safe and simple server-side authentication is already available.
      >
      > I think there is a great need for simple client-side authentication so
      > home users that must authenticate to a ISP's server don't have to go to
      > the trouble of linking in and configuring cyrus. A flat-file solution
      > (maybe a simple add-on program) for this would be a tremendous improvement.
      >

      I think Cyrus-SASL has been very useful in proving out the value of
      AUTHENTICATION and can go a long ways to help the configuration of roaming users
      (when combined with TLS). Considering the fact that 2007 expects to be a year
      where notebook sales exceed desktops it shouldn't be a surprise if the need for
      a simplified, yet robust, method of doing full end-to-end AUTH+TLS becomes a
      greater need of email servers.

      The value for AUTH+TLS isn't really something that can be argued anymore. But I
      would hate to think that our only option is to try and tie in Cyrus-SASL on all
      these servers. That, in my opinion, is a whole lot of ugly...
    Your message has been successfully submitted and would be delivered to recipients shortly.