Arnt Gulbrandsen <arnt(_at_)gulbrandsen(_dot_)priv(_dot_)no> wrote:
Dilyan(_dot_)Palauzov(_at_)aegee(_dot_)org wrote:
Are there any reasons to include "Reauthentication is not supported by=20
ManageSieve protocol's profile of SASL. I.e. after a successfully=20
completed AUTHENTICATE command, no more AUTHENTICATE commands may be=20
issued in the same session." in draft-martin-managesieve-10/2.1=20
AUTHENTICATE Command ?
That makes it possible to drop privileges on authentication.
We have a distributed mail store, where each back-end Cyrus server hosts
a subset of the users, and front-end proxy servers direct connections
depending on the user that logs in. The proxy only needs to implement
enough POP/IMAP/managesieve to allow the user to log in, then it knows
the username and can find out which back-end server to connect to. After
a successful login the proxy just shovels bytes back and forth.
Reauthentication would require a much more complicated proxy.
Tony.
--
f.anthony.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
FORTIES CROMARTY FORTH TYNE: EASTERLY 3 OR 4, INCREASING 5 OR 6 IN FORTIES AND
CROMARTY. SLIGHT OR MODERATE. THUNDERY SHOWERS, FOG BANKS. MODERATE,
OCCASIONALLY VERY POOR.