moriyoshi/cyrus-sasl-xoauth2

cyrus-sasl-xoauth2

This is a Cyrus SASL plugin that implements the XOAUTH2 mechanism.

FYI: if you are forced to use XOAUTH2-enabled SMTP / IMAP servers by your employer and want to keep using your favorite *nix MUA locally, the following detailed document should help a lot: http://mmogilvi.users.sourceforge.net/software/oauthbearer.html (DISCLAIMER: in contrast to the document's author, I'd rather read and write emails on my browser a lot. I haven't tested it personally)

Releases

Building and installation

./autogen.sh
./configure
sudo make install

Server-side configuration

auxprops

  • oauth2BearerTokens

    Stores the token values for the specified authentication ID.

SASL2 settings

  • xoauth2_scope

    The name of the authorization scope that will appear in the error response.

Example: Postfix server (smtpd) / client (smtp) authentication configuration

  • main.cf:

    # ... OTHER SETTINGS GO HERE ...
    
    # SERVER
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_path = smtpd
    smtpd_relay_restrictions = permit_sasl_authenticated, reject
    
    # CLIENT
    relayhost = [smtp.gmail.com]:587
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/saslpasswd
    smtp_sasl_mechanism_filter = xoauth2
    smtp_sasl_security_options =
    smtp_tls_security_level = may
    smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
    
    
  • /etc/postfix/saslpasswd:

    [smtp.gmail.com]:587    YOUR-ACCOUNT@gmail.com:OAUTH2-TOKEN-RETRIEVED-BY-GMAIL-OAUTH2-TOOLS
    
    • /etc/postfix/saslpasswd.db needs to be generated with postmap:

      # postmap /etc/postfix/saslpasswd
      
    • Gmail OAuth2 Tools can be found here.

  • /etc/postfix/tls_policy:

    [smtp.gmail.com]:587    encrypt
    
    • /etc/postfix/tls_policy.db needs to be generated with postmap:

      # postmap /etc/postfix/tls_policy
      
  • ${sasl_plugin_dir}/smtpd.conf:

    log_level: DEBUG
    sql_engine: sqlite3
    sql_database: /etc/sasldb2.sqlite3
    sql_select: SELECT props.value FROM users JOIN props ON users.id=props.user_id WHERE users.name='%u' AND users.realm='%r' AND props.name='%p'
    xoauth2_scope: https://mail.example.com/
    auxprop_plugin: sql
    mech_list: xoauth2
    
  • /etc/sasldb2.sqlite3:

    Generated from the following DDL and SQL statements:

    PRAGMA foreign_keys=OFF;
    BEGIN TRANSACTION;
    CREATE TABLE users (id INTEGER PRIMARY KEY, name VARCHAR, password VARCHAR, realm VARCHAR);
    INSERT INTO "users" VALUES(1,'test','test','example.com');
    CREATE TABLE props (id INTEGER PRIMARY KEY, user_id INTEGER, name VARCHAR, value VARCHAR, FOREIGN KEY (user_id) REFERENCES users (id));
    INSERT INTO "props" VALUES(1,1,'userPassword','*');
    INSERT INTO "props" VALUES(2,1,'oauth2BearerTokens','token');
    COMMIT;
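
Added example (not part of this project's code): a Python sketch of the server-side lookup that the smtpd.conf and sample database above set up, run against the README's own DDL in an in-memory SQLite database. The function names are hypothetical; the `user=...^Aauth=Bearer ...^A^A` client response is the publicly documented XOAUTH2 format, and the `user@realm` split, the default realm and the exact-match token comparison are assumptions, with the `%u`, `%r`, `%p` placeholders of `sql_select` replaced by bound parameters.

```python
import base64
import hmac
import sqlite3

# Schema and rows copied from the README's /etc/sasldb2.sqlite3 section.
DDL = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name VARCHAR, password VARCHAR, realm VARCHAR);
INSERT INTO "users" VALUES(1,'test','test','example.com');
CREATE TABLE props (id INTEGER PRIMARY KEY, user_id INTEGER, name VARCHAR, value VARCHAR, FOREIGN KEY (user_id) REFERENCES users (id));
INSERT INTO "props" VALUES(1,1,'userPassword','*');
INSERT INTO "props" VALUES(2,1,'oauth2BearerTokens','token');
"""
# sql_select from smtpd.conf with '%u', '%r', '%p' turned into bound parameters.
SQL_SELECT = ("SELECT props.value FROM users JOIN props ON users.id=props.user_id "
              "WHERE users.name=? AND users.realm=? AND props.name=?")

def open_sample_db():
    db = sqlite3.connect(":memory:")
    db.executescript(DDL)
    return db

def encode_xoauth2(user, token):
    """Build a constructed sample client response (what an SMTP client would send)."""
    return base64.b64encode(f"user={user}\x01auth=Bearer {token}\x01\x01".encode()).decode()

def parse_xoauth2(b64_response):
    """Decode base64('user=<id>^Aauth=Bearer <token>^A^A') into (authid, token)."""
    raw = base64.b64decode(b64_response, validate=True).decode("utf-8")
    if not raw.endswith("\x01\x01"):
        raise ValueError("missing ^A^A terminator")
    fields = dict(f.split("=", 1) for f in raw[:-2].split("\x01"))
    scheme, _, token = fields.get("auth", "").partition(" ")
    if "user" not in fields or scheme != "Bearer" or not token:
        raise ValueError("need user=<id> and auth=Bearer <token>")
    return fields["user"], token

def token_accepted(db, b64_response, default_realm="example.com"):
    """True if the presented token equals a stored oauth2BearerTokens value."""
    authid, presented = parse_xoauth2(b64_response)
    user, _, realm = authid.partition("@")  # assumption: user@realm feeds %u / %r
    rows = db.execute(SQL_SELECT, (user, realm or default_realm,
                                   "oauth2BearerTokens")).fetchall()
    # Constant-time comparison so timing does not leak how much of a token matched.
    return any(hmac.compare_digest(presented.encode(), value.encode())
               for (value,) in rows)
```

With the sample row above, only `test` in realm `example.com` presenting the value `token` is accepted; a malformed response raises `ValueError` before any query runs.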