> Hi, > > X509/client-certificates actually work very well, I've been using it for > quite some time. I guess the client-certificate provisioning is a bit hard > for users. > > I myself was curious about a mechanism via XOAUTH2 authentication that > some big players support; (I presume) it means you authenticate once via a > web page (option for 2nd factor) and use a bearer token to authenticate > from that moment on. > I don't think Cyrus SASL supports XOAUTH2 yet; I noticed Dovecot does and > was thinking about the option to use Dovecot as a proxy with XOAUTH2 > authentication and use authorization (from the admin user) to Cyrus (or > try the mechanism in Dovecot first for that matter). > > I guess there are more clients that support x509 compared to XOAUTH2 > though, but you can have users enable less safe mechanisms explicitly > perhaps, and support multiple mechanisms. Hi Paul, Can XOAUTH2 be used without using anything from Google or other big brothers? Kind regards, Simon ------------------------------------------ Cyrus: Info Permalink: https://cyrus.topicbox.com/groups/info/T0cce10bfd349100c-M0bf25dcd863618d4ecc74c46 Delivery options: https://cyrus.topicbox.com/groups/info/subscription