Author: Nico Erfurth Date: To: Torsten Luettgert CC: exim-users Subject: Re: [Exim] restricting AUTH Plain/Login to TLS connectionsy
Torsten Luettgert wrote: > On Wed, 2003-01-08 at 12:56, Philip Hazel via COM.BOX TEMA wrote:
>
>>On Wed, 8 Jan 2003, Nico Erfurth wrote:
>>
>>
>>>Why?
>>>IMHO, you need to loop through the authenticators anyway, to find the
>>>requested authenticator, so checking the condition again and skipping if
>>>it yields false shouldn't be a problem (around line 1793 in my version
>>>of smtp_in.c). But I could be wrong, I just had a quick look ;)
>>
>>OK, you may be right. I *didn't* have a quick look. :-)
>
>
> Is he really? I didn't look at the code either, but having
> different authenticators announced depending on TLS/no TLS
> (which was the original requested functionality) requires
> an expansion of the argument, right?
>
> And is it good to have it evaluated twice, once for the
> announcement and once for checking again if the AUTH should
> be accepted?
> Perhaps I'm paranoid, but having two (possibly quite complicated)
> expansions and expecting the same result doesn't seem right to me -
> what if the results differ due to DNS/LDAP outage or whatever?
If it's a lookup, it will be cached most probably, so I don't see a
problem with this.