> KH: 'To support OAuth2 for Gmail requires your project to >register with Google and obtain a specific key (well, what you get is >a "client_id" and a "client_secret"); we did that for nmh. It's not >clear to me how that would work for Cyrus-SASL; would every >application have to register an API key?' > This isn't a problem for me: sendmail is the only app that >matters to me. I don't think you quite understand the problem here. Are YOU, Russell Bell, going to be registering a key for sendmail, an application that as far as I can tell you do not manage? I can only say that if someone did that for nmh and I wasn't involved in that I'd be kind of pissed. If you, Russell Bell, are going to be registering a client key for "Russell Bell's Awesome Email application" and you just happen to use that with your copy of sendmail then that's fine, but it's more work. > KH: 'the key difference here is the GSSAPI library and >Kerberos utilities take care of all that for you; all you need to do >as an application programmer is make GSSAPI calls and you get the >necessary info back. There is not, AFAIK, a comparable library in C >that is designed for this work' > liboauth is a collection of c functions implementing the >http://oauth.net API - does that help? Ah, that library was not listed on the OAuth web page. But ... I would caution you that it seems like that library hasn't been worked on in 4-5 years and it looks like it only implements OAuth 1.0 (the original XOAUTH mechanism), and GMail now supports OAuth 2.0. > I found a plugin for mutt that does this; mutt uses sendmail. >I also found Java and VB scripts. I think it's possible as a >wrap-around - I just have to reverse-engineer it. I also found a >description of how to do it by telnetting to the SMTP port, passing >the token, a couple of extra steps. Right, I've done that myself during testing, but I think "wrapping" sendmail is probably a lot harder than you realize, since the SASL negotiation happens in-band (I suppose a simple proxy might be easier). Some more digging around showed there was enough pieces that might make this feasible; there is a OAUTH SASL mechanism plugin (which looks like it only implements the older XOAUTH mechanism, not XOAUTH2), and you are given a Python script that lets you do the login sequence you need to get the grant. I am not sure it would be the best choice for sendmail, though ... it looks like it might assume that you can do some interactive stuff for additional information and that won't work with sendmail. But I suppose there is only one way to find out. --Ken