From: Alexander Hoogerhuis (alexhboxed.no)
Date: Thu Dec 13 2007 - 14:02:34 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Noel Jones wrote:
> Alexander Hoogerhuis wrote:
>> Victor Duchovni wrote:
>>> On Thu, Dec 13, 2007 at 12:49:52PM -0500, Wietse Venema wrote:
>>>
>>>> Alexander Hoogerhuis:
>>>>> A quick question regarding postfix 2.4 and authentiation:
>>>>>
>>>>> Is there any similar mechinsm to smtp_sasl_password_maps that would
>>>>> allow postfix as a server to have a simple map of remote IP/network
>>>>> and user:pass stored, and not having to go through using full SASL?
>>>
>>> The simplest out-of-the-box solution is a TLS client cert and
>>> check_ccert_access. This gives you both a secure-channel for
>>> authentication and authentication in one step.
>>>
>>
>> Thanks for the quick feedback. I did look into this and run a private
>> CA so I can issue client certs, but Exchange 2000/2003 looked
>> troublesome to implement as clients for postfix this way. I'd love to
>> be proven wrong, but that's the scope of some other list or forum. :)
>>
>> -A
>
> The dovecot sasl implementation is about as simple as it can get right
> now. Dovecot packages are available for most OS's, and dovecot can be
> *easily* configured to use a wide variety of data sources, including
> (but not limited to) system passwd file, passwd-like files, and plain
> text files.
>
> To use dovecot as the postfix SASL backend, it's not required to use
> dovecot as your IMAP/POP server if you're happy with what you currently
> use. But dovecot does that pretty well too.
>

Yes, I know this and I could have whipped it up quickly, but I was
hoping to get something very dumb and simple going, such as a hash map
and a simple flat file. It's the same reason I do DNS in flat files
still, it is very fool proof and this very stable. ;)

-A

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]