Hi
Ive been able to get SMTP Authenication working using LDAP if anyone is
interested.
(PLAINTEXT AND LOGIN)
Cheers
At 12:45 PM 00/08/23, you wrote:
>On Wed, 23 Aug 2000, Christi Alice Scarborough wrote:
>
> > cram:
> > driver = cram_md5
> > public_name = CRAM-MD5
> > server_secret = ${if crypteq{$2}{\{crypt\}${lookup {$1}
> lsearch{/etc/shadow}{${extract{1}{:}{$value}}} fail } } {secret1} fail }
> >
> > which I think should do the following. Take the secret string passed
> > by the client, containing the username ($1) and password ($2) and extract
> > the users crypted password string from the password file. This should
> > then be compared with the value passed by the user.
>
>No, that isn't the way CRAM-MD5 works. What you have described is the
>way that LOGIN authentication works. CRAM-MD5 is a completely different
>kettle of fish (see chapter 35). You need to have the secret stored *in
>plain* on the server. You can't use an encrypted password. The client
>doesn't send the secret - it sends an MD5 hash of the challenge string
>plus the secret.
>
>
>--
>Philip Hazel University of Cambridge Computing Service,
>ph10@??? Cambridge, England. Phone: +44 1223 334714.
>
>
>--
>## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
>details at http://www.exim.org/ ##
Regards
Richard Mayhew
Unix / Security Administrator - M-Web Cape Town - CCSE
Tel: (021) 918 8421
Fax: (021) 918 8385
Cell: 0833018307
SMS: 0833018307@???
ICQ: 193458
http://www.mweb.co.za
