Re: SASL support for mail proxy in NGINX
--On Friday, August 22, 2014 5:50 PM -0500 Kunal Pariani kpari...@zimbra.com wrote:

> Hello,
> Wanted to know if there's a plan to add SASL support to Nginx anytime soon?
> Zimbra has patches that add SASL support for POP3 IMAP. Would you be
> interested in that as a contribution from us? We plan on adding SASL
> support to SMTP as well unless you guys have plans to do that already?

Any nginx developers have any thoughts on this?

Thanks,
Quanah

--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.

Zimbra :: the leader in open source messaging and collaboration
___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: SASL support for mail proxy in NGINX
--On Tuesday, September 09, 2014 12:49 AM +0400 Maxim Dounin mdou...@mdounin.ru wrote:

>>> We plan on adding SASL support to SMTP as well unless you guys have
>>> plans to do that already?
>>
>> Any nginx developers have any thoughts on this?
>
> When talking to mail backends, nginx doesn't use SASL for authentication
> as it's believed to be superfluous to use it instead of native protocol
> commands in the non-hostile backend environment.

I'm not sure what you mean by this, can you expand please?

> There is SASL support in nginx mail module though, and it happily
> authenticates users with PLAIN, LOGIN and CRAM-MD5 SASL mechanisms (as
> long as http_auth script used is able to handle this).

These are particularly limited SASL mechanisms. Ours adds support for linking to cyrus-sasl, for extended SASL mechanisms such as GSSAPI, SPNEGO, etc. If that's not of interest, that's fine, but it's generally much more useful security wise.

--Quanah

--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.

Zimbra :: the leader in open source messaging and collaboration
Re: SASL support for mail proxy in NGINX
Hello!

On Mon, Sep 08, 2014 at 03:28:01PM -0700, Quanah Gibson-Mount wrote:

> --On Tuesday, September 09, 2014 12:49 AM +0400 Maxim Dounin mdou...@mdounin.ru wrote:
>
>>>> We plan on adding SASL support to SMTP as well unless you guys have
>>>> plans to do that already?
>>>
>>> Any nginx developers have any thoughts on this?
>>
>> When talking to mail backends, nginx doesn't use SASL for authentication
>> as it's believed to be superfluous to use it instead of native protocol
>> commands in the non-hostile backend environment.
>
> I'm not sure what you mean by this, can you expand please?

I mean: nginx uses LOGIN when talking to IMAP backends, USER/PASS when talking to POP3 backends, and I don't see reasons to use SASL mechanisms instead when talking to backends.

>> There is SASL support in nginx mail module though, and it happily
>> authenticates users with PLAIN, LOGIN and CRAM-MD5 SASL mechanisms (as
>> long as http_auth script used is able to handle this).
>
> These are particularly limited SASL mechanisms. Ours adds support for
> linking to cyrus-sasl, for extended SASL mechanisms such as GSSAPI, SPNEGO,
> etc. If that's not of interest, that's fine, but it's generally much more
> useful security wise.

No, linking to cyrus-sasl isn't an option, thanks.

--
Maxim Dounin
http://nginx.org/
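An added illustration of the two points made in the thread (not code from any poster or from nginx): the decision logic an auth_http script needs to accept PLAIN/LOGIN and CRAM-MD5, and why it must hand a plaintext password back so nginx can issue LOGIN or USER/PASS to the backend. It uses the `Auth-*` header names of nginx's mail auth_http protocol; the user store and backend address are constructed placeholders, and the sample credentials are the RFC 2195 example.

```python
import hashlib
import hmac

# Constructed sample data. CRAM-MD5 forces the verifier to hold the plaintext
# password (or an equivalent secret), which is one reason it is a weak choice.
USERS = {"tim": "tanstaaftanstaaf"}   # RFC 2195 example credentials
BACKEND = ("127.0.0.1", "143")        # placeholder backend address and port


def cram_md5_digest(password: str, challenge: str) -> str:
    """RFC 2195: hex HMAC-MD5 keyed with the password over the challenge."""
    return hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()


def authenticate(headers: dict) -> dict:
    """Map one auth_http request's Auth-* headers to response headers."""
    method = headers.get("Auth-Method", "")
    user = headers.get("Auth-User", "")
    supplied = headers.get("Auth-Pass", "")
    password = USERS.get(user)
    fail = {"Auth-Status": "Invalid login or password", "Auth-Wait": "3"}

    if password is None:
        return fail
    if method == "plain":
        # nginx reports both SASL PLAIN and LOGIN as Auth-Method: plain.
        ok = hmac.compare_digest(supplied.encode(), password.encode())
    elif method == "cram-md5":
        # Auth-Salt carries the challenge nginx sent; Auth-Pass is the digest.
        expected = cram_md5_digest(password, headers.get("Auth-Salt", ""))
        ok = hmac.compare_digest(supplied.lower().encode(), expected.encode())
    else:
        return fail  # mechanisms this script does not handle are rejected
    if not ok:
        return fail

    resp = {"Auth-Status": "OK", "Auth-Server": BACKEND[0], "Auth-Port": BACKEND[1]}
    if method == "cram-md5":
        # nginx only saw a digest, so the script must supply the plaintext
        # it will use for the native LOGIN / USER+PASS command to the backend.
        resp["Auth-Pass"] = password
    return resp
```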