Re: [Exim] SMTP authentication with exim

Top Pagina
Delete this message
Reply to this message
Auteur: Richard Mayhew
Datum:  
Aan: exim-users
Onderwerp: Re: [Exim] SMTP authentication with exim
Hi

Ive been able to get SMTP Authenication working using LDAP if anyone is
interested.
(PLAINTEXT AND LOGIN)



Cheers



At 12:45 PM 00/08/23, you wrote:
>On Wed, 23 Aug 2000, Christi Alice Scarborough wrote:
>
> > cram:
> > driver = cram_md5
> > public_name = CRAM-MD5
> > server_secret = ${if crypteq{$2}{\{crypt\}${lookup {$1}
> lsearch{/etc/shadow}{${extract{1}{:}{$value}}} fail } } {secret1} fail }
> >
> > which I think should do the following. Take the secret string passed
> > by the client, containing the username ($1) and password ($2) and extract
> > the users crypted password string from the password file. This should
> > then be compared with the value passed by the user.
>
>No, that isn't the way CRAM-MD5 works. What you have described is the
>way that LOGIN authentication works. CRAM-MD5 is a completely different
>kettle of fish (see chapter 35). You need to have the secret stored *in
>plain* on the server. You can't use an encrypted password. The client
>doesn't send the secret - it sends an MD5 hash of the challenge string
>plus the secret.
>
>
>--
>Philip Hazel            University of Cambridge Computing Service,
>ph10@???      Cambridge, England. Phone: +44 1223 334714.

>
>
>--
>## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
>details at http://www.exim.org/ ##


Regards
Richard Mayhew

Unix / Security Administrator - M-Web Cape Town - CCSE
Tel:    (021) 918 8421
Fax:    (021) 918 8385
Cell:    0833018307
SMS:    0833018307@???
ICQ:    193458
http://www.mweb.co.za