Hello! On Mon, Sep 08, 2014 at 03:28:01PM -0700, Quanah Gibson-Mount wrote:
> --On Tuesday, September 09, 2014 12:49 AM +0400 Maxim Dounin > <[email protected]> wrote: > > >>> We plan on adding SASL support to SMTP as well unless you guys have > >>> plan to do that already ? > >> > >>Any nginx developers have any thoughts on this? > > > >When talking to mail backends, nginx doesn't use SASL for > >authentication as it's believed to be superfluous to use it > >instead of native protocol commands in the non-hostile backend > >environment. > > I'm not sure what you mean by this, can you expand please? I mean: nginx uses "LOGIN" when talking to IMAP backends, "USER/PASS" when talking to POP3 backends, and I don't see reasons to use SASL mechanisms instead when talking to backends. > >There is SASL support in nginx mail module though, and it happily > >authenticates users with PLAIN, LOGIN and CRAM-MD5 SASL mechanisms > >(as long as http_auth script used is able to handle this). > > These are particularly limited SASL mechanisms. Ours adds support for > linking to cyrus-sasl, for extended SASL mechanisms such as GSSAPI, SPNEGO, > etc. If that's not of interest, that's fine, but it's generally much more > useful security wise. No, linking to cyrus-sasl isn't an option, thanks. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
