Re: [Exim] Auth Cram_MD5 config files looked for ...

Author: Leonardo Boselli
Date:
To: Philip Hazel, exim-users
Subject: Re: [Exim] Auth Cram_MD5 config files looked for ...

On 24 Aug 99, at 9:25, Philip Hazel wrote:
> On Mon, 23 Aug 1999, Leonardo Boselli wrote:
> > It occurs that the only usable (that is, well known by most of MY
> > users) client available works only with cram_md5 encryption.
> Just for the record: Pine uses LOGIN authentication; Netscape uses PLAIN
> authentication. I think both of these are fairly "well known".

When I said "well known" I wished to say "whose usage is well
known". Netscape under Windows has a little bug that renders it
insecure for non-expert users (it allows the user password to be left
in a group-readable file!). (Under Linux it is OK, however.)

> > Did someone succeed in
> > a) an auth section of configure file allowing to use a list of
> > names/secrets
> I have not tested this, but something like
> server_secret = ${lookup{$1}lsearch{/list/of/secrets}{$value}fail}
> should work.


> > b) better: using the /etc/passwd files unchanged
> I don't see how you can use CRAM-MD5 with /etc/passwd. CRAM-MD5
> transmits to the server the MD5 digest of a string which includes the
> secret. There is no way the server can recover the secret from this
> string. What the server has to do is to compute the same MD5 digest and
> compare it with what it has received. To do this, it has to have a
> plaintext copy of the secret. However, /etc/passwd does not store this. It
> keeps the result of processing the secret with crypt().

Even I have a problem figuring it out!!!
So I thought of another option:
Every user should be able to put a file in his /home/directory called
.ASMTPsecret with access 0600 (or 0640 group mail?)
If I have understood, this would require:
server_secret = ${lookup{$1}lsearch{/home/$1/.ASMTPsecret}{$value}fail}


having for example a
/home/leo/.ASMTPsecret containing
leo:SeCrEt

Am I right?

> Philip Hazel            University of Cambridge Computing Service,
> ph10@???      Cambridge, England. Phone: +44 1223 334714.

Leonardo Boselli
nucleo informatico e telematico
Dipartimento Ingegneria Civile
Universita` di Firenze
V. S. Marta 3 - I-50139 Firenze
tel +39()0554796431 fax +39()055495333
http://www.dicea.unifi.it/~leo
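
Added example, not part of the original message and not Exim code: a Python sketch of the server-side CRAM-MD5 check discussed in the thread. It shows why the server needs the plaintext secret from a `user:secret` file and why a store that holds only `crypt()` output cannot verify the response. The function names are hypothetical, the challenge and the `tim` entry are the RFC 2195 sample values, and the crypt-style string is a constructed placeholder.

```python
import base64
import hashlib
import hmac

# RFC 2195 sample challenge; a real server generates a fresh one per session.
CHALLENGE = "<1896.697170952@postoffice.reston.mci.net>"
# Constructed lsearch-style secrets file (user:secret), as proposed in the thread.
SECRETS_FILE = "leo:SeCrEt\ntim:tanstaaftanstaaf\n"
# Constructed placeholder for a store that only keeps crypt() output.
CRYPT_ONLY = {"leo": "xxPLACEHOLDERx"}

def parse_secrets(text):
    """Parse 'user:secret' lines into a dict, skipping blanks and comments."""
    secrets = {}
    for line in text.splitlines():
        user, sep, secret = line.strip().partition(":")
        if sep and not user.startswith("#"):
            secrets[user.strip()] = secret.strip()
    return secrets

def cram_md5_digest(secret, challenge):
    """HMAC-MD5 of the challenge, keyed with the plaintext secret (hex)."""
    return hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()

def client_response(user, secret, challenge):
    """What the client sends: base64 of 'user <hex digest>'."""
    reply = f"{user} {cram_md5_digest(secret, challenge)}"
    return base64.b64encode(reply.encode()).decode()

def server_verify(secrets, challenge, response_b64):
    """Return the authenticated user name, or None on any failure."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, digest = decoded.rpartition(" ")
    stored = secrets.get(user)
    if not sep or stored is None:
        return None
    # The server recomputes the digest from its own copy of the secret.
    expected = cram_md5_digest(stored, challenge)
    ok = hmac.compare_digest(expected.encode(), digest.lower().encode())
    return user if ok else None

SECRETS = parse_secrets(SECRETS_FILE)

if __name__ == "__main__":
    resp = client_response("leo", "SeCrEt", CHALLENGE)
    print("plaintext store:", server_verify(SECRETS, CHALLENGE, resp))
    print("crypt()-only store:", server_verify(CRYPT_ONLY, CHALLENGE, resp))
```
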