Re: Postfix authentication for clients

From: Alexander Hoogerhuis (alexhboxed.no)
Date: Sun Jan 06 2008 - 23:04:21 CST


Wietse Venema wrote:
> Alexander Hoogerhuis:
>> Wietse Venema wrote:
>>> Alexander Hoogerhuis:
>>>> A quick question regarding postfix 2.4 and authentication:
>>>>
>>>> Is there any similar mechanism to smtp_sasl_password_maps that would
>>>> allow postfix as a server to have a simple map of remote IP/network and
>>>> user:pass stored, and not having to go through using full SASL?
>>> With Postfix you can plug in an alternate if you don't like the
>>> Dovecot or Cyrus ones. Docs in src/xsasl.
>>>
>> Having had a look through the docs and read a bit, how well would it be
>> looked upon to implement a very simple model, call it "simple" for the
>> sake of a name, so that you could stick this in the config file and be
>> running:
>>
>> smtpd_sasl_type = simple
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_path = hash:/etc/postfix/sasl_auth_map
>
> The name "simple" exists as a SASL patch for Postfix before I added
> XSASL plug-in support.
>
>> and in /etc/postfix/sasl_auth_map:
>>
>> 1.2.3.4/30 user:pass
>> 5.6.7.8/30 foo:bar
>> [etc]
>>
>> The only aim for this would be to have a way to get a very simple
>> mechanism to challenge clients with a username and password and avoid
>> any external systems, and to rely simply on a flat file for the info.
>
> This would require an xsasl "plug-in" module that speaks the xsasl
> API, that announces the PLAIN and LOGIN mechanisms when asked what
> mechanisms it supports, and that speaks the PLAIN and LOGIN protocols
> as defined in the relevant RFC documents. I would be surprised if
> this (not including the xsasl "plug-in" overhead) required more
> than a couple dozen lines of code.
>
> By the way, if anyone wants to take Peter Bieringer's "simple" SASL
> for Postfix and turn it into a Postfix xsasl module, I can send a
> copy of the code from July 2004. Just like the Dovecot SASL support,
> it provides server-side SASL only.
>

Just wanted to quickly ask on the list here if anyone would consider
doing this as a paid service, up to the point of inclusion into
postfix? Contact me privately for any proposals, talk relevant to the
technicalities stays on the list. :)

> Wietse

-A
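
The check discussed in the thread above, as an added example that is not part of the original message and is neither Postfix code nor an xsasl module: it parses the proposed "network user:pass" map and verifies a SASL PLAIN response (RFC 4616) against the entries that cover the client's address. The function names and the sample map are assumptions made for illustration.

```python
import base64
import binascii
import hmac
import ipaddress

# Constructed sample map in the format proposed in the message:
# "<network> <user>:<pass>" per line.
SAMPLE_MAP = """\
1.2.3.4/30 user:pass
5.6.7.8/30 foo:bar
"""

def load_map(text):
    """Parse map lines into (network, user, password) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        net, cred = line.split(None, 1)
        user, _, password = cred.partition(":")
        entries.append((ipaddress.ip_network(net, strict=False), user, password))
    return entries

def decode_plain(b64_response):
    """Decode an RFC 4616 PLAIN response: [authzid] NUL authcid NUL passwd."""
    try:
        raw = base64.b64decode(b64_response, validate=True)
    except (binascii.Error, ValueError):
        return None
    parts = raw.split(b"\0")
    if len(parts) != 3 or not parts[1] or not parts[2]:
        return None
    return parts[1], parts[2]  # authzid is ignored in this sketch

def check_plain(entries, client_ip, b64_response):
    """Return True only if the credentials match an entry covering client_ip."""
    decoded = decode_plain(b64_response)
    if decoded is None:
        return False
    user, password = decoded
    addr = ipaddress.ip_address(client_ip)
    ok = False
    for net, map_user, map_pass in entries:
        if addr.version != net.version or addr not in net:
            continue
        # Constant-time comparisons; no early exit on a user-name match.
        u = hmac.compare_digest(user, map_user.encode())
        p = hmac.compare_digest(password, map_pass.encode())
        ok |= u and p
    return ok
```

PLAIN and LOGIN carry the password only base64-encoded, so a map like this protects nothing unless the SMTP session is already under TLS.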