Re: [Exim] Second stab at supporting Cyrus SASL's saslauthd

Author: mb
Date:  
To: Alexander Sabourenkov
CC: exim-users
Subject: Re: [Exim] Second stab at supporting Cyrus SASL's saslauthd
On Aug 1 Alexander Sabourenkov wrote:

>Matt Bernstein wrote:
>[...]
>>>We haven't yet deployed Cyrus IMAP, so the testing was at most cursory.
>>
>> I wouldn't say that! Cyrus SASL does not in any way depend on Cyrus IMAP,
>> so if it works it works :)
>
>Yes, but I prefer to test the whole config I'll be using once I'm certain
>there are no obvious errors in components.


Hi, I'm now running authentication using your saslauthd thing. It works,
but if I don't explicitly give an empty realm then auth.log reports garbage
for the realm in the case of auth failures. I guess it needs a default,
and the check in auth_call_saslauthd() is wrong (wasn't NULL to start).

>> I'll try to have a look at this in the next week or three, but in the
>> longer term I might have a crack at writing a "sasl" authenticator (server
>> only) for Exim, which would be able to advertise DIGEST-MD5, GSSAPI etc.
>> The SASL API looks quite straightforward, and Exim's idea of an
>> authentication conversation seems to fit quite neatly.
>>
>> Is anyone else looking at this?
>
>Hmm. An overkill I'd say.


Why? We might want to switch to GSSAPI in order to secure our NFS network;
given that Cyrus can do it, why not use it for Exim too? Then all you need
is one login for all your files and e-mail--remember those days? Only
these days it'd be OK to do this from home over an insecure network :)

Anyway, thanks for helping get LDAP out of my Exim :)

Matt
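
The realm default discussed in the message above, as an added example that is not part of the original post and is not Exim's code. It assumes saslauthd's socket framing of four fields (login, password, service, realm), each a 16-bit big-endian length followed by the bytes; `put_field` and `build_saslauthd_request` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Append one field: 16-bit big-endian length, then the bytes.
 * Returns the new offset, or 0 on overflow or an oversized field. */
static size_t put_field(uint8_t *buf, size_t cap, size_t off, const char *s)
{
    size_t n = strlen(s);
    if (n > 0xFFFF || off + 2 + n > cap)
        return 0;
    buf[off]     = (uint8_t)(n >> 8);
    buf[off + 1] = (uint8_t)(n & 0xFF);
    memcpy(buf + off + 2, s, n);
    return off + 2 + n;
}

/* Hypothetical helper (not Exim's auth_call_saslauthd()): frame a request as
 * login, password, service, realm. A NULL realm becomes the empty string, so
 * the daemon never logs whatever bytes an unset pointer happened to reference.
 * The NULL test only helps if the caller initialised the pointer to NULL. */
size_t build_saslauthd_request(uint8_t *buf, size_t cap, const char *user,
                               const char *pass, const char *service,
                               const char *realm)
{
    const char *fields[4];
    size_t off = 0;
    int i;

    if (user == NULL || pass == NULL || service == NULL)
        return 0;
    fields[0] = user;
    fields[1] = pass;
    fields[2] = service;
    fields[3] = (realm != NULL) ? realm : "";   /* the default */

    for (i = 0; i < 4; i++) {
        size_t next = put_field(buf, cap, off, fields[i]);
        if (next == 0)
            return 0;        /* overflow: refuse rather than truncate */
        off = next;
    }
    return off;
}
```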