Re: [Exim] Help with SMTP AUTH

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Philip Hazel
Date:  
À: Tamas TEVESZ
CC: Matt Bernstein, Exim Users
Sujet: Re: [Exim] Help with SMTP AUTH
On Tue, 28 Aug 2001, Tamas TEVESZ wrote:

> On Tue, 28 Aug 2001, Matt Bernstein wrote:
>
>  > ..but it's too late by then! You say (in the clear)
>  >    AUTH PLAIN MiMeHaSh..
>  > ..and the server replies
>  >    503 STARTTLS required before AUTH

>
> the server doesn't have to advertise it's auth-capability unless the
> channel is already secured :) (no, i don't know how (if at all) to do
> that. but it wouldn't be nice...)


Indeed. Here is a comment from the Exim source code:

      Do not advertise AUTH if the host is in auth_over_tls_hosts and we
      are not in a TLS session.


> otoh - once one does ssl, then why bother with passwords ? use
> certificates then :)


Because certificates are very complicated things to handle, and not many
people understand them well. If you just want encryption (not
identification) you can give your server a self-signed certificate and
not have to bother your users with certificates, or tangle with
certification companies.


-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.