On 1 Aug 2005 at 14:22, Marc Perkel wrote about
"Re: [exim] Why doesn't Exim authent":
| But Fred - there are plain text authenticators and if you use SSL then
| it's encrypted.
Did I say otherwise? I was just pointing out that the idea is not
generally applicable to all authenticators, which some could see as
an argument against it.
| These can cal to Cyrus SASL which on my setup talks to
| IMAL using the rimap setting.
| My point is - what does Exim bother with
| talking to SASL which talks to IMAP when it could - in theiry - talk to
| IMAP direstly and eliminate the SASL layer?
There's a gazillion ways the SASL daemon could be doing the
authentication. I presume many of them are not yet supported
directly in exim but could be, in theory.
| It's a simplicity thing.
I'm being presumptuous, but I think the conventional wisdom is that
encapsulating the authentication function in a single entity used by
multiple apps is simpler than duplicating all the possible
authentication methods in every app.
It sounds like in your case, the only reason you are running the SASL
daemon is to connect exim to the IMAP authenticator. So I can
understand why it seems to you like an obvious idea to eliminate the
middleman.
But it's a slippery slope, and ISTM that that way lies madness. If
you support authenticating against an IMAP server, then surely you
must also support POP servers - what's the difference? And other
SMTP servers. And go to think of it, what's the difference between
that and authenticating against shell servers - better add support
for using telnet, rlogin, ssh, etc.
And BTW, you haven't yet made the argument that this is the only way
to eliminate the Cyrus SASL daemon in your own setup. exim supports
many of the same backend databases as Dovecot, are you not using a
common one?
- Fred
