Authorization identity for IMAP proxy

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Authorization identity for IMAP proxy

Sylvain Amrani
Hi list,

IMAP servers (dovecot, cyrus...) rely on SASL authentication.

The SASL specs let the client requests a different identity than the one used for authentication.

RFC 3501 says : The authorization identity passed from the client to the server during the authentication exchange is interpreted by the server as the user name whose privileges the client is requesting.

Dovecot proxy and Cyrus frontends in murder architecture use this to authenticate with an admin account and request a user identity. It's very useful to authenticate via proxies without to know the user's password.

Is there a way to let NGINX use different identification and authentication ids to authenticate to the remote imap server ? I can't figure out what to put in the AUTH-* headers to do that.


nginx mailing list
[hidden email]