SASL support for mail proxy in NGINX
Quanah Gibson-Mount
quanah at zimbra.com
Mon Sep 8 22:28:01 UTC 2014
--On Tuesday, September 09, 2014 12:49 AM +0400 Maxim Dounin
<mdounin at mdounin.ru> wrote:
>> > We plan on adding SASL support to SMTP as well unless you guys have
>> > plan to do that already ?
>>
>> Any nginx developers have any thoughts on this?
>
> When talking to mail backends, nginx doesn't use SASL for
> authentication as it's believed to be superfluous to use it
> instead of native protocol commands in the non-hostile backend
> environment.
I'm not sure what you mean by this, can you expand please?
> There is SASL support in nginx mail module though, and it happily
> authenticates users with PLAIN, LOGIN and CRAM-MD5 SASL mechanisms
> (as long as http_auth script used is able to handle this).
These are particularly limited SASL mechanisms. Ours adds support for
linking to cyrus-sasl, for extended SASL mechanisms such as GSSAPI, SPNEGO,
etc. If that's not of interest, that's fine, but it's generally much more
useful security wise.
--Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
More information about the nginx-devel
mailing list