Fred Viles wrote:
It sounds like in your case, the only reason you are running the SASL
daemon is to connect exim to the IMAP authenticator. So I can
understand why it seems to you like an obvious idea to eliminate the
middleman.
Yes! Yes! - you got it now! That is exactly my point!
But it's a slippery slope, and ISTM that that way lies madness. If
you support authenticating against an IMAP server, then surely you
must also support POP servers - what's the difference? And other
SMTP servers. And go to think of it, what's the difference between
that and authenticating against shell servers - better add support
for using telnet, rlogin, ssh, etc.
Actually I would include pop servers as well. The choices would be:
imap imaps pop3 pop3s.
And onle these because they are email protocols. The idea here being
that you would allow people to send who have an account to receive email.
The other protocols don't count because they aren't email related. On my
server virtual email users don't have unix accounts.
And BTW, you haven't yet made the argument that this is the only way
to eliminate the Cyrus SASL daemon in your own setup. exim supports
many of the same backend databases as Dovecot, are you not using a
common one?
I may be missing something but I haven't seen a lot of examples of Exim
doing fancy stuff for SASL authentication. It might be possibile to
write complex authenticators, but again, I'm looking for simplicity
here. Something like:
imap-auth:
driver = plaintext
public_name = PLAIN
protocol = imap
host = localhost
It's not that I'm not happy with Cyrus-SASL. It's fantastic. But I'm
just the kind of guy that like to eliminate steps that aren't necessary.
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
