On 18/01/2021 11:08, Simon Matter wrote:
>> Hi,
>>
>> X509/client-certificates actually work very well, I've been using it for
>> quite some time. I guess the client-certificate provisioning is a bit hard
>> for users.
>>
>> I myself was curious about a mechanism via XOAUTH2 authentication that
>> some big players support; (I presume) it means you authenticate once via a
>> web page (option for 2nd factor) and use a bearer token to authenticate
>> from that moment on.
>> I don't think Cyrus SASL supports XOAUTH2 yet; I noticed Dovecot does and
>> was thinking about the option to use Dovecot as a proxy with XOAUTH2
>> authentication and use authorization (from the admin user) to Cyrus (or
>> try the mechanism in Dovecot first for that matter).
>>
>> I guess there are more clients that support x509 compared to XOAUTH2
>> though, but you can have users enable less safe mechanisms explicitly
>> perhaps, and support multiple mechanisms.
>
> Hi Paul,
>
> Can XOAUTH2 be used without using anything from Google or other big brothers?

Yes; there is nothing Microsoft or Google specific about OAUTH2, and that's what is used. In the dovecot implementation I noticed you can enter your own grant/token/introspection URLs, client secrets and what not.

It's also only recently that Thunderbird has native support I think for OAUTH, since version 78. And some mail clients may only have it for the big players as a profile - didn't check.

I noticed in the postfix integration that dovecot plays the role of the SASL server, so maybe it is also possible to use this as the sasl socket, also something I did not check on at all ;-) but I'm thinking out loud,

Re:

> I found these:
>
> https://github.com/moriyoshi/cyrus-sasl-xoauth2

That seems to be a client implementation, for cases where you need to use e.g. O365,

Regards,
Paul
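
Added example, not part of the original message and not code from Cyrus or Dovecot: the XOAUTH2 SASL initial response is a small provider-independent string carrying the user name and bearer token, shown here with a client-side encoder and a strict parser of the kind a proxy could run before handing the token to its own introspection endpoint. The function names are made up for this sketch, and the token check assumes the RFC 6750 bearer-token syntax.

```python
import base64
import re

# RFC 6750 b64token syntax for the bearer token itself.
_TOKEN_RE = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


def build_xoauth2(user, token):
    """Client side: encode 'user=<u>^Aauth=Bearer <t>^A^A' as base64."""
    raw = f"user={user}\x01auth=Bearer {token}\x01\x01"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def parse_xoauth2(b64):
    """Server/proxy side: strictly decode; raise ValueError if malformed.

    This checks syntax only. The returned token is still untrusted until
    the identity provider's introspection endpoint confirms it is active
    and belongs to the returned user.
    """
    try:
        raw = base64.b64decode(b64, validate=True).decode("utf-8")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise ValueError("not valid base64/UTF-8") from exc
    if not raw.endswith("\x01\x01"):
        raise ValueError("missing ^A^A terminator")
    # Exactly two ^A-separated fields; extra fields could smuggle a
    # second auth= value past a lenient parser.
    fields = raw[:-2].split("\x01")
    if len(fields) != 2:
        raise ValueError("expected exactly user= and auth= fields")
    user_f, auth_f = fields
    if not user_f.startswith("user=") or not auth_f.startswith("auth=Bearer "):
        raise ValueError("unexpected field names or auth scheme")
    user, token = user_f[len("user="):], auth_f[len("auth=Bearer "):]
    if not user or not _TOKEN_RE.fullmatch(token):
        raise ValueError("empty user or malformed token")
    return user, token


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    msg = build_xoauth2("alice@example.org", "abc.DEF-123")
    print(msg, parse_xoauth2(msg))
```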