<<< Date Index >>>     <<< Thread Index >>>

Re: [PATCH] IMAP authuser support



On Tuesday, 10 May 2005 at 21:43, David Champion wrote:
> Mirapoint have chosen a different method of doing superuser
> authentication, though -- they compile a string of the real user name,
> the authuser name, and the [authuser] password, separated by null bytes,
> and submit that base64-encoded in an AUTHENTICATE PLAIN negotiation.
> This unfortunately doesn't work with any IMAP client without explicit
> authuser support in the client.
> 
> (I don't know whether this is Mirapoint's own invention, or whether it's
> commonly used, but for the present I've called it "Mirapoint style".)

I believe this is the format defined in RFC 2595.

I'm under a pretty severe time crunch right now, so I can't take a
close look at the problem, but I have a feeling you're reinventing at
least some of the wheel. Mutt already supports SASL, and SASL already
supports authuser. You'd have a much smaller patch if you just added
$imap_authuser and passed that along to the SASL library.

I seem to recall that you'd prefer to avoid the extra dependency, but
I think it's preferable to adding redundant code. Especially since,
like the GSSAPI code, it's not going to be used in distributions and
will probably ended up rotting on the vine.

>     - an $imap_authuser_style variable, which switches between UW
>       and Mirapoint authuser methods, so that the same interface can
>       be used with either server type.  This should be set to
>       "none", "uw", or "mirapoint".
> 
> The patch does not autodetect which method the server uses.  I'm not
> confident that reliable tests for this can be devised, really.

I don't think this is necessary. In the UW case you can just mangle
imap_user by hand. I'd be surprised if UW didn't pick up the SASL
style eventually anyway, since it's the standard.

Of course, this is all an off-the-cuff opinion - if you've found
problems with the SASL library I'd like to hear about them.

-b

Attachment: pgpBG7IQ6SpES.pgp
Description: PGP signature