brong closed 14 years ago
From: Wes Craig
This change:
didn't get ported forward when proxyd's functionality was included in imapd. The patch to imapd.c is simple, if you'd like me to submit it.
From: Ken Murchison
Are you using this for webmail or something? Would it make more sense to use EXTERNAL for this?
From: Wes Craig
I'm using up.imapproxy to cache webmail connections through cyrus imap(proxy)d. AFAIK, SASL EXTERNAL isn't really suitable, since it has no facility to determine the user. The -N option, which was committed to proxyd some time ago, allows me to pass the user over the protocol with a dummy password. I start proxyd on these servers bound to localhost, so only other processes (up.imapproxyd) on the host can connect. up.imapproxyd is similarly limited, and IMP contacts up.imapproxyd through the loopback. HTTPd actually authenticates the user with a WebSSO (cosign).
From: Ken Murchison
If we "preauth" the connection as an admin, then the client can pass an authorization id as a parameter to EXTERNAL.
I'm just thinking out "loud". The old patch might still be the easiest, but I think a preauth'd connection using EXTERNAL sounds more like what is happening.
From: Wes Craig
I think you're right, if we invoke imapd with sufficient preauth, then a client issuing appropriate SASL EXTERNAL commands will get the same effect that I'm looking for. However, that would require changes to up.imapproxyd in addition to IMP. I'm not averse to making those changes, but I don't see much upside. I guess it would depend on whether the maintainer of up.imapproxyd would accept the changes. I don't think up.imapproxyd does any sort of SASL today.
From: Ken Murchison
The maintainer is now a CMU employee, so I can probably strong-arm Dave. I'll take a look at the source myself. I promised Dave that I would look at something else, which I've since forgotten.
From: Wes Craig
Any movement on this? Or should I just port -N forward?
From: Ken Murchison
I haven't done anything. Feel free to port -N.
From: Wes Craig
Bugzilla-Id: 2972
Version: 2.3.x
Owner: Ken Murchison