On Sat, 4 Feb 2006, Maurice Massar wrote:
Are there plans to add support for the security-layer part of SASL?
This would allow people using kerberos for authentication to have
encrypted pop3/imap sessions without worring about SSL-certs,
fingerprints etc.
There are plans, however, they aren't particularly high priority.
Relatively few IMAP clients support SASL security layers, whereas just
about every IMAP client supports TLS and/or SSL. I could count the number
of times I've been asked about supporting SASL security layers in UW imapd
on one hand...and still have some fingers left!
For that matter, relatively few IMAP clients support Kerberos. I use
Kerberos with IMAP extensively, and have always just used TLS for
security.
Searching the archives I found:
http://mailman1.u.washington.edu/pipermail/imap-uw/2005-June/000080.html
It is not Cyrus SASL, but there is little (if anything) to be gained by
ripping out UW imapd's native SASL support to install Cyrus SASL.
currently Cyrus-SASL does support Security Layer, so if it is less work
to do the switch, you could consider this?
It would *far* more work to convert UW imapd to use Cyrus-SASL than it
would to implement the security layer in the existing UW SASL Kerberos
code.
-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
_______________________________________________
Imap-uw mailing list
[email protected]
https://mailman1.u.washington.edu/mailman/listinfo/imap-uw
