[Imap-uw] sasl secuity-layer support
msirota at isc.upenn.edu
Fri Feb 3 19:16:36 PST 2006
--On Friday, February 3, 2006 6:42 PM -0800 Mark Crispin
<MRC at cac.washington.edu> wrote:
> I could count the number of times I've been asked about supporting SASL
> security layers in UW imapd on one hand...and still have some fingers
Penn will happy take another finger. :-)
> For that matter, relatively few IMAP clients support Kerberos. I use
> Kerberos with IMAP extensively, and have always just used TLS for
Penn is doing everything we can to increase the number of Kerberized IMAP
clients, like contributing the funds to Kerberize Eudora and contributing
the SASL/GSSAPI/Kerberos implementation recently introduced in
Thunderbird (we'll have LDAP done by the next release).
We have also kinda-sorta Kerberized Horde/IMP webmail and have
implemented SASL/GSSAPI/Kerberos for authentication with the webmail
"imapproxy" program. However, because the HTTP connection from the user
to the webmail host is not Kerberized, the implementation requires some
trust on the part of the IMAP server that the webmail service has
properly authorized the user. Someday, when we have a proper Kerberos
over HTTP solution, we'll be all the way there.
Sadly, the loss of Mulberry in October makes it a two step forward, one
step back sort of process.
More information about the Imap-uw