Brian Candler wrote:
> On Thu, Aug 17, 2006 at 12:58:28PM -0600, Kevin Pendleton wrote:
> 
>>So now I am really confused, shouldn't the proxy see the options tag and 
>>query the remote server for the authentication?  I don't see why it 
>>should need anything more then just the one options=mailhost tag or am I 
>>missing something here?
> 
> 
> Because of the way it works, it does a *full* authentication before proxying
> the request (i.e. it checks the password as well).
> 
> In principle, you could have a proxy which accepted a username plus any
> random password, and proxied to the backend without checking the password.
> It would have to be clever enough to notice that if the far end rejects the
> login, it goes back into the login loop locally. But this is not how courier
> works.
> 
> It's not really a problem though - just put a full copy of your userdb on
> the proxy box (or point your proxy box at the same LDAP / mysql / postgres
> database)
> 
> Regards,
> 
> Brian.
> 
> 

Thanks for the responses, Sam and Brian.  I replied to Sam's message, 
but I now realize that the list is set up to reply to the poster instead 
of the list.  I apologize for not noticing that before and sending to 
Sam directly.

Unfortunately, the core funtionality I was looking for was really an 
IMAP authentication proxy server.  The current IMAP servers all use 
different forms of authentication storage and I was hoping to 
encapsalate the process of authenticating a user by hitting one service 
(what I had hoped would be an IMAP proxy) that would return either a 
PASS or FAIL to the querying service (in this case a Postfix server that 
I want to setup SMTP remote authentication on - as far as I can tell 
POstfix can query a remote IMAP for authentication, but can only query 
one server).

I'm hoping that there is some kind of solution out there, I'll keep 
looking.  If anyone has any recommendations, I would love to hear about it.

FYI: This is the section in the README.proxy that confused me, making me 
think that this software was a viable option:  "A separate, proxy server 
sits in front and accepts ordinary IMAP and POP3 connections. It reads 
the login ID, determines which server the account is located on, 
connects to the server, and logs in."

Thanks,

Kevin

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Courier-imap mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap

Reply via email to