2 # README.SASL - Readme about SASL support in nmh
7 SASL is short for the Simple Authentication and Security Layer. Is is
8 a framework for adding authentication and encryption to network protocols.
9 It is described in IETF RFC 2222.
11 This release of nmh supports SASL for POP and SMTP. The SASL support
12 is implemented using the Cyrus-SASL library. This library can be found
13 at ftp://ftp.andrew.cmu.edu/pub/cyrus-mail. Obviously, SASL support only
14 works if you use --enable-pop and the SMTP mail transport.
16 This release of NMH only supports "Version 2" of the Cyrus SASL library.
17 It should work with any newer Cyrus SASL release, but it was tested with
18 Cyrus SASL 2.1.12. In particular, the CRAM-MD5 and GSSAPI (Kerberos 5)
19 mechanisms were tested.
21 Currently, security layers ("encryption" in SASL-speak) are only supported
22 for POP. This means that if your POP server _and_ the selected GSSAPI
23 mechanism supports it, POP communications will be encrypted. Currently
24 SMTP does NOT support security layers; this may be added in a future
27 If you are curious as to whether or not your communications are actually
28 encrypted or not, you can use the -snoop flag to the POP utilities.
29 Communication that is encrypted is preceeded by an (*).
31 If you would like to use the GSSAPI SASL mechanism (Kerberos V), you
32 should read very carefully the documentation that comes with
33 Cyrus-SASL, specifically the GSSAPI documentation. Getting the GSSAPI
34 plugin to work correctly with SASL can be "interesting" to say the least.
projects / mmh / blob