Re: [Exim] restricting AUTH Plain/Login to TLS connections

Top Pagina
Delete this message
Reply to this message
Auteur: Philip Hazel
Datum:  
Aan: Nico Erfurth
CC: Sven Geggus, exim-users
Onderwerp: Re: [Exim] restricting AUTH Plain/Login to TLS connections
On Wed, 8 Jan 2003, Nico Erfurth wrote:

> > So far, so good, but how would I make exim to advertise CRAM-MD5 in this
> > case and CRAM-MD5 LOGIN and PLAIN in the other?
>
> I'm afraid you can't do this.
>
> You have to advertise all or nothing, but maybe this should be
> configureable in the authenticator (this COULD also make the
> auth_advertise_hosts option obsolete).


That is correct.

I have noted this requirement in the Wish List. However, it isn't as
simple as just specifing what to advertise, because Exim should only
accept back requests for advertised mechanisms. This is quite a lot of
complication.

What you can do is to reject AUTH commands that don't use an approved
mechanism in the ACL for AUTH. This may confuse the clients, of course.

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.