[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: restricted relaying

On Sat, Dec 04, 1999 at 06:19:35PM +0100, Artur Urbanowicz wrote:
> Hello,
> E.Colanski wrote:
> > [...]
> > Ok. It turned out that smtp-auth login could be good for us but one
> > exception. I couldn't force pmail for cooperation with that.
> > ... (in technical terms, Pegasus Mail conforms to RFC2554, using the
> > ESMTP AUTH command)."
> Pegasus Mail 3.12a does not support LOGIN method of user 
> authentication. David Kocmoud <david-kocmoud@tamu.edu>, a member
> of Pegasus Mail support team told me, that Pegasus Mail 3.12a 
> understands CRAM-MD5 authentication only, but in near future
> LOGIN (or PLAIN) methos will be implemented.

  Right, RFC 2554 does indeed refer to CRAM-MD5, however that requires
  passwords stored in plain text somewhere -- as is common for shared-
  secret authentication methods.

  The "AUTH LOGIN" is something what NetScape defined, and M$ imitated,
  and strictly speaking it isn't quite kosher as the password is going
  over the link in plain text -- but doing it inside SSL/TLS stream
  encryption does help somewhat.

  It should not be too difficult to create CRAM-MD5 code for the server
  with notable exception of problem at storing/maintaining the shared
  secrets at the server.  Doing that under e.g. PAM framework could
  alleviate the problem, but I am not an expert there.
  (And of course the result would be highly specific to PAM-supporting
   platforms -- e.g. Linux, and perhaps Solaris ..)

> Regards,
> Artur Urbanowicz
> P.S. There is Pegasus Mail 3.12b available at www.pegasus.usa.com
>      - check this out!
/Matti Aarnio	<mea@nic.funet.fi>