Re: [Exim] Auth Cram_MD5 config files looked for ...

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Leonardo Boselli
CC: exim-users
Subject: Re: [Exim] Auth Cram_MD5 config files looked for ...
On Mon, 23 Aug 1999, Leonardo Boselli wrote:

> It occours that the only usable (that is, well known by most of MY
> users) client available works only with cram_md5 encryption.


Just for the record: Pine uses LOGIN authentication; Netscape uses PLAIN
authentication. I think both of these are fairly "well known".

> Did someone succeed in
> a) an auth section of configure file allowing to use a list of
> names/secrets


I have not tested this, but something like

server_secret = ${lookup{$1}lsearch{/list/of/secrets}{$value}fail}

should work.

> b) better: using the /etc/passwd files unchanged


I don't see how you can use CRAM-MD5 with /etc/passwd. CRAM-MD5
transmits to the server the MD5 digest of a string which includes the
secret. There is no way the server can recover the secret from this
string. What the server has to do is to compute the same MD5 digest and
compare it with what it has received. To do this, it has to have a
plaintext copy of the secret. However, /etc/passwd does not store this.
It keeps the result of processing the secret with crypt().

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.