SASL Overview
SASL is a general method to add or enhance authentication in client/server protocols. Its primary purpose is to authenticate clients to servers. When you configure SASL, you must decide on both an authentication mechanism, for the exchange of authentication information (commonly referred to as user credentials), and an authentication framework for how user information is stored. The SASL authentication mechanism governs the challenges and responses between the client and server and how they should be encoded for transmission. The authentication framework refers to how the server itself stores and verifies password information. Figure 12-1 illustrates these two processes. Once an authentication is successful, the server knows the user’s identity and can determine which privileges the identified user should have. In the case of Postfix, it is the privilege to relay mail. You can also optionally limit identified users to using a particular sender address when they relay mail.
Choosing an Authentication Mechanism
The client and server must agree on the authentication mechanism they’ll use. (See the Cyrus documentation for currently supported mechanisms.) Some of the more common mechanisms are listed below:
- PLAIN
The PLAIN mechanism is the simplest to use, but it does not include any encryption of authentication credentials. ...
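The following Python example is added here for illustration and is not from the book. It builds and then decodes a PLAIN initial response using the message layout from RFC 4616, showing that the base64 step is only an encoding: the server, and anything else that can read an unencrypted session, recovers the password directly. The user name and password are constructed sample values.

```python
import base64

NUL = "\x00"  # RFC 4616 field separator


def encode_plain(authcid, passwd, authzid=""):
    """Build the base64 text a client sends for SASL PLAIN.

    Layout (RFC 4616): [authzid] NUL authcid NUL passwd
    """
    for field in (authzid, authcid, passwd):
        if NUL in field:
            raise ValueError("NUL is the separator and may not appear in a field")
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    raw = NUL.join((authzid, authcid, passwd)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_plain(b64_response):
    """Recover the fields exactly as the receiving server does.

    No key is involved: base64 is reversible by anyone who sees the text.
    """
    raw = base64.b64decode(b64_response, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("expected authzid NUL authcid NUL passwd")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    return {"authzid": authzid, "authcid": authcid, "passwd": passwd}


if __name__ == "__main__":
    # Constructed sample credentials, not taken from any real system.
    wire = encode_plain("alice", "s3cret")
    print("sent by client:", wire)
    print("recovered     :", decode_plain(wire))
```

Because the credentials are recoverable from the transmitted text, PLAIN depends on the surrounding connection (for example TLS) for confidentiality.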