SASL support for mail proxy in NGINX

Quanah Gibson-Mount quanah at zimbra.com
Mon Sep 8 22:28:01 UTC 2014


--On Tuesday, September 09, 2014 12:49 AM +0400 Maxim Dounin 
<mdounin at mdounin.ru> wrote:

>> > We plan on adding SASL support to SMTP as well unless you guys have
>> > plan to do that already ?
>>
>> Any nginx developers have any thoughts on this?
>
> When talking to mail backends, nginx doesn't use SASL for
> authentication as it's believed to be superfluous to use it
> instead of native protocol commands in the non-hostile backend
> environment.

I'm not sure what you mean by this, can you expand please?

> There is SASL support in nginx mail module though, and it happily
> authenticates users with PLAIN, LOGIN and CRAM-MD5 SASL mechanisms
> (as long as http_auth script used is able to handle this).

These are particularly limited SASL mechanisms.  Ours adds support for 
linking to cyrus-sasl, for extended SASL mechanisms such as GSSAPI, SPNEGO, 
etc.  If that's not of interest, that's fine, but it's generally much more 
useful security wise.

--Quanah

--

Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration



More information about the nginx-devel mailing list