> On 18/01/2021 11:08, Simon Matter wrote: >>> Hi, >>> >>> X509/client-certificates actually work very well, I've been using it >>> for >>> quite some time. I guess the client-certificate provisioning is a bit >>> hard >>> for users. >>> >>> I myself was curious about a mechanism via XOAUTH2 authentication that >>> some big players support; (I presume) it means you authenticate once >>> via a >>> web page (option for 2nd factor) and use a bearer token to authenticate >>> from that moment on. >>> I don't think Cyrus SASL supports XOAUTH2 yet; I noticed Dovecot does >>> and >>> was thinking about the option to use Dovecot as a proxy with XOAUTH2 >>> authentication and use authorization (from the admin user) to Cyrus (or >>> try the mechanism in Dovecot first for that matter). >>> >>> I guess there are more clients that support x509 compared to XOAUTH2 >>> though, but you can have users enable less safe mechanisms explicitly >>> perhaps, and support multiple mechanisms. >> >> Hi Paul, >> >> Can XOAUTH2 be used without using anything from Google or other big >> brothers? > > Yes; There is nothing Microsoft or Google specific about OAUTH2, and > that's what is used. In the dovecot implementation I noticed you can > enter your own grant/token/introspection URLs, client secrets and what > not. > It's also only recently that Thunderbird has native support I think for > OAUTH, since version 78. And some mail clients may only have it for the > big players as a profile - didn't check. > > I noticed in the postfix integration that dovecot plays the role of the > SASL server, so maybe it is also possible to use this as a the sasl > socket, also something I did not check on at all ;-) but I'm thinking > out loud, > > Re: > >> I found these: >> >> https://github.com/moriyoshi/cyrus-sasl-xoauth2 > > That seems to be a client implementation, for cases where you need to > use eg. O365, > > Regards, > Paul Thank you for all the details! ------------------------------------------ Cyrus: Info Permalink: https://cyrus.topicbox.com/groups/info/T270ab79574d5f63e-M6b5e16a2c927a99fc3436f45 Delivery options: https://cyrus.topicbox.com/groups/info/subscription
