<<< Date Index >>>     <<< Thread Index >>>

Re: [PATCH] IMAP authuser support



On Wednesday, 11 May 2005 at 22:02, David Champion wrote:
> 
> Thanks for your comments, Brendan.  To address what you've said already:
> 
> 
> * On 2005.05.11, in <20050512015051.GA412@xxxxxxxxxxxxxx>,
> *     "Brendan Cully" <brendan@xxxxxxxxxx> wrote:
> > 
> > I believe this is the format defined in RFC 2595.
> 
> I see something similar, but not that exactly.  I suspect/hope that
> it's in an RFC, but it doesn't appear to be 2595.  I'll keep looking --
> perhaps it's in one of the more directly SASL-related RFCs, and 2595
> uses what it has based on that precedent.

Note that the exchange gets transformed by the SASL IMAP
profile. That's where the base 64 encoding happens, for instance.

> I might be missing something -- I haven't been able to use/look at
> SASL very extensively -- but I thought it was necessary to support
> SASL explicitly on both sides.  If that's so, then to the best of my
> knowledge I'm not looking at a SASL-capable server.

I'm not sure what you mean, but SASL support is indicated by
AUTHENTICATE=foo fields in the IMAP capability list. If a server
advertises those, it is supposed to be compatible with any SASL client
that shares the same mechanisms. Mirapoint probably is. I wonder
whether UW already does support PLAIN, now that I think about it.

> It's likely not broadly useful, true.  But when you need authuser,
> you need it in a mail client, and mutt is the choice of many mail
> administrators.

I think that's true. That's why I'd like to see a SASL patch :)
That would make it more general anyway - SASL should support authuser
for GSSAPI and DIGEST-MD5 as well as PLAIN.

> ago).  More importantly I've never been able to fully build any version
> of SASL on any version of Solaris, and I've heard vaguely of other
> people's portability problems with it, so I don't feel very alone.  But
> I might not have been batting it with a heavy enough brick, since I've
> never *needed* to use it.  I have a feeling it's not code, it's just
> auto{make,conf} configuration madness.

I'm pretty sure it's surmountable. For one thing, blastwave packages
it. I haven't looked at the package though.

> I suspect that one day I'll need to stop worrying and love SASL anyway.
> I just don't like to see this difficulty as a requirement for my mutt
> build, when I don't otherwise have any need of SASL at all and a small
> amount of existing code can dodge the dependency.

Fair enough. But the tentacles of the SASL library are spreading, and
honestly I think that's a good thing. More applications should have
decent authentication primitives, and libsasl's a whole lot easier to
use than the kerberos libraries. Maybe I'll get around to the trivial
$imap_authuser patch myself in a couple of weeks, if you don't feel
like it. But, if it's any incentive, I'll commit a SASL version before
1.6 :)

After all, it should be pretty trivial.

Attachment: pgpJbtKheqsTB.pgp
Description: PGP signature