Re: [Exim] "Complex" SMTP AUTH conditions

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: michael
Dátum:  
Címzett: exim-users, peter.galbavy
Tárgy: Re: [Exim] "Complex" SMTP AUTH conditions
> I already allow people to log into their pop3 and imap accounts using their
> full e-mail address (peter.galbavy@??? for me). To allow people to
> use the same details for SMTP AUTH I need to split the username on the '@'
> using a regex...


Be aware that netscape throws the @ with anything that follows it away.
At least it used to do so, which is why I allow a semicolon instead of
an @ as well.

> BTW Is there anyway that anyone can see for me to support CRAM with
> pre-encrypted passwords ? I don't think that this is possible, but I am
> willing to be proved wrong.


I don't know if Exim supports that and if SMTP AUTH is like IMAP AUTH, but
read about CRAM-MD5 for AUTH in imap, RFC2195, which I just have in front
of me:

Keyed MD5 is chosen for this application because of the greater
security imparted to authentication of short messages. In addition,
the use of the techniques described in [KEYED-MD5] for precomputation
of intermediate results make it possible to avoid explicit cleartext
storage of the shared secret on the server system by instead storing
the intermediate results which are known as "contexts".

Michael