Re: restricted relaying
On Sat, Dec 04, 1999 at 06:19:35PM +0100, Artur Urbanowicz wrote:
> E.Colanski wrote:
> > [...]
> > Ok. It turned out that smtp-auth login could be good for us but for one
> > exception. I couldn't force pmail to cooperate with that.
> > ... (in technical terms, Pegasus Mail conforms to RFC2554, using the
> > ESMTP AUTH command)."
> Pegasus Mail 3.12a does not support the LOGIN method of user
> authentication. David Kocmoud <email@example.com>, a member
> of the Pegasus Mail support team, told me that Pegasus Mail 3.12a
> understands CRAM-MD5 authentication only, but in the near future
> LOGIN (or PLAIN) methods will be implemented.
Right, RFC 2554 does indeed refer to CRAM-MD5; however, that requires
passwords stored in plain text somewhere -- as is common for shared-
secret authentication methods.

The "AUTH LOGIN" is something that NetScape defined, and M$ imitated,
and strictly speaking it isn't quite kosher as the password is going
over the link in plain text -- but doing it inside SSL/TLS stream
encryption does help somewhat.

It should not be too difficult to create CRAM-MD5 code for the server,
with the notable exception of the problem of storing/maintaining the shared
secrets at the server. Doing that under e.g. the PAM framework could
alleviate the problem, but I am not an expert there.
(And of course the result would be highly specific to PAM-supporting
platforms -- e.g. Linux, and perhaps Solaris ..)
> Artur Urbanowicz
> P.S. There is Pegasus Mail 3.12b available at www.pegasus.usa.com
> - check this out!
/Matti Aarnio <firstname.lastname@example.org>
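
The trade-off discussed in this message, as an added example that is not part of the original thread or of any mail server's code: a CRAM-MD5 exchange with both sides, showing that the server can only verify the response if it holds the secret itself, next to what AUTH LOGIN puts on the wire. The account, host name, function names and the two credential stores are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import time

def make_challenge(host: str) -> bytes:
    """Server side: fresh, unpredictable msg-id style challenge (RFC 2195)."""
    return f"<{os.urandom(8).hex()}.{int(time.time())}@{host}>".encode()

def cram_md5_response(user: str, secret: bytes, challenge: bytes) -> bytes:
    """Client side: base64("user " + hex(HMAC-MD5(secret, challenge)))."""
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())

def cram_md5_verify(response: bytes, challenge: bytes, secrets: dict) -> bool:
    """Server side: recompute the HMAC, which needs the user's actual secret."""
    try:
        decoded = base64.b64decode(response, validate=True).decode()
    except ValueError:  # covers bad base64 and bad UTF-8
        return False
    user, _, digest = decoded.rpartition(" ")
    secret = secrets.get(user)
    if secret is None:
        return False
    expected = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())

def auth_login_lines(user: str, password: str) -> list:
    """Client side of AUTH LOGIN: two base64 lines, no keyed transform."""
    return [base64.b64encode(user.encode()), base64.b64encode(password.encode())]

# Constructed sample account, not taken from the thread.
USER, PASSWORD = "alice", b"correct horse"
PLAINTEXT_DB = {USER: PASSWORD}                        # what CRAM-MD5 needs
HASHED_DB = {USER: hashlib.sha256(PASSWORD).digest()}  # one-way store, unusable here

if __name__ == "__main__":
    ch = make_challenge("mail.example.org")
    resp = cram_md5_response(USER, PASSWORD, ch)
    print("S: 334", base64.b64encode(ch).decode())
    print("C:", resp.decode())
    print("plaintext store verifies:", cram_md5_verify(resp, ch, PLAINTEXT_DB))
    print("hashed store verifies:   ", cram_md5_verify(resp, ch, HASHED_DB))
    fresh = make_challenge("mail.example.org")
    print("replay on new challenge: ", cram_md5_verify(resp, fresh, PLAINTEXT_DB))
    wire = auth_login_lines(USER, PASSWORD.decode())
    print("AUTH LOGIN decodes to:   ", [base64.b64decode(x) for x in wire])
```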