Kerberos authentication for IMAP?

Donn Cave donn at u.washington.edu
Wed Jun 11 18:55:37 CEST 2003


Quoth jps <jps at lopan.dccs.upenn.edu>:
| In <bc2g5c$1nmq$1 at nntp6.u.washington.edu> "Donn Cave" <donn at u.washington.edu> writes:
|> Anyway, supposing that the krb4 module is ready to go ... The imaplib
|> authenticate function deals with the AUTHENTICATE command, 6.2.2 in
|> the IMAP4 RFC 3501, which is more generically a SASL implementation.
|
| How about a python interface to the cyrus-sasl library written in Pyrex?
|
| You can find one on a page that Google knows:
| http://www.google.com/search?&q=site%3Awww.upenn.edu+python+sasl
|
| Go to the UNIX section to find the Python sasl module.
|
| And if anyone wants to take over the maintainance of this python sasl module,
| please let me know. We don't have the staff time to enhance or support it,
| but it fills an important need in Python.

I haven't downloaded it to see in detail what it does, but it looks
like Cyrus-SASL must introduce some extra complications, if it warrants
a C library unto itself.  I think the architecture is kind of unfortunate,
because that work that you can no longer afford to do was invested in the
support of a single application.

GSS authentication to the UW imapd works fine with a Python interface
to the MIT GSSAPI functions, ca. 400 lines of C, plus some 150 lines of
Python if you get really carried away.  The same GSSAPI module will work
for any GSS authenticated application.  Is Cyrus-SASL any different ``on
the wire''?  I assume not - it probably works with the Kerberos options
in (Windows) Eudora and MacOS X Mail, right?  So does UW imapd GSS
authentication, so that would apparently make them the same on the wire.

	Donn Cave, donn at u.washington.edu




More information about the Python-list mailing list