[EMAIL PROTECTED] said:It seems you can do postfix SSL with and without SASL. I don't know which choice is better/easier.
SASL is an authentication layer. SSL is an encryption layer. So you are comparing apples and grapefruits. Which also explains why they are not mutually exclusive.
The only time SASL is required is if you are using Cyrus, since it only speaks SASL. Some distribution require it as default, and I believe most pre-compiled binaries of Postfix are compiled with SASL support, though you aren't required to use it.
Actually, I believe the true differences between the choices he's asking about:
SSL with SASL Auth
and
SSL with no auth
is, quite plainly, that one only encrypts, and the other does authentication in addition to the encryption.
Additionally, SASL is _not_ only for Cyrus IMAPd. It's actually become something of a de-facto standard (and may even be supported by one or more RFCs, haven't checked) for doing secure authentication. It's most commonly used against LDAP and/or Kerberos V authentication sources, but a fair number of applications and services are capable of using SASL authentication. Cyrus IMAPd is the most obvious, but Postfix, Sendmail, Apache, OpenLDAP and a number of other services are capable (or require) SASL for authentication purposes.
The answer to Chris's question, then, is that, to my knowledge, you need SASL authentication if you're going to authenticate SMTP senders directly with an authentication store such as LDAP or Kerberos (or Active Directory). Otherwise, if you just want to authenticate local system users, I believe you can do so without SASL in Postfix, though I haven't tried yet.
Gregory
-- Gregory K. Ruiz-Ade <[EMAIL PROTECTED]> OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu
PGP.sig
Description: This is a digitally signed message part
--
KPLUG-List mailing list [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
