> > Michael Fox: > > http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options says > "the > > following security features are defined for the cyrus server .". > Dovecot is > > not mentioned. So, is it correct to interpret this to mean that this > > postfix setting is a noop when dovecot is used for sasl authentication? > > Hmm. that file hasn't been updated in a while. The list appears to > be the same for dovecot. > > > And how does Postfix know which authentication mechanisms to offer the > > client? Does dovecot communicate this to postfix somehow? > > Dovecot tells Postfix the supported mechanism names and their > security properties. Postfix intersects that with the main.cf > settings, and announces the mechanisms that remain. > > Wietse
O.K. Thanks. Can be more specific about which SASL mechanisms are allowed or disallowed by each option? In other words, how do I know which mechanisms will be disallowed with "noactive" or "nodictionary" or allowed by "forward_secrecy" or "mutual_auth"? I'm unable to connect the dots. Thanks, Michael