2 # README.SASL - Readme about SASL support in nmh
5 SASL is short for the Simple Authentication and Security Layer. Is is
6 a framework for adding authentication and encryption to network protocols.
7 It is described in IETF RFC 2222.
9 This release of nmh supports SASL for POP and SMTP. The SASL support
10 is implemented using the Cyrus-SASL library. This library can be found
11 at ftp://ftp.andrew.cmu.edu/pub/cyrus-mail. Obviously, SASL support only
12 works if you use --enable-pop and the SMTP mail transport.
14 This release of NMH only supports "Version 2" of the Cyrus SASL library.
15 It should work with any newer Cyrus SASL release, but it was tested with
16 Cyrus SASL 2.1.22. In particular, the CRAM-MD5 and GSSAPI (Kerberos 5)
17 mechanisms were tested. Older versions of Cyrus-SASL had a bug which
18 could manifest when negotiating encrypting depending on the encryption
19 type you used, so a newer version of Cyrus-SASL is recommended.
21 Currently, security layers ("encryption" in SASL-speak) are supported
22 for both POP and SMTP. This means that if your POP or SMTP server
23 _and_ the selected SASL mechanism supports it, client-server
24 communications will be encrypted. In theory this should work with
25 any SASL mechanism that supports security layers; it has only been
26 tested with the GSSAPI mechanism.
28 If you are curious as to whether or not your communications are actually
29 encrypted or not, you can use the -snoop flag to the POP or SMTP utilities.
30 Communication that is encrypted is preceeded by an (encrypted) or
31 (decrypted), depending on the direction of communication.
33 If you would like to use the GSSAPI SASL mechanism (Kerberos V), you
34 should read very carefully the documentation that comes with
35 Cyrus-SASL, specifically the GSSAPI documentation. Getting the GSSAPI
36 plugin to work correctly with SASL can be "interesting" to say the least.
projects / mmh / blob