Re: [Exim] restricting AUTH Plain/Login to TLS connectionsy

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MNico Erfurth at <-
M\Giuliano Gavazzi at ->
Delete this message
Reply to this message
Author: Matt Bernstein
Date:  
To: exim-users
Subject: Re: [Exim] restricting AUTH Plain/Login to TLS connectionsy
At 14:15 -0000 Philip Hazel wrote:

>What I have actually put on the Wish List is this:
>
>------------------------------------------------------------------------------
>(128) 08-Jan-03 S A condition for authenticators controlling advertising
>
>An authenticator would be advertised only if the condition is true. The same
>condition needs to be checked when searching for a requested authenticator, to
>ensure that only advertised authenticators can be used. Or set a flag to show
>that advertisement has happened.
>------------------------------------------------------------------------------

Great! This will help with my AUTH EXTERNAL idea:

The server can advertise the EXTERNAL mechanism (using the plaintext
authenticator) iff it has succesfully verified a client certificate.

The other bit we need is a similar hack for the Exim client auth code, so
that we can tell it which hosts to use with which mechanisms (and, more
importantly, it doesn't try sending passwords from the wrong mechanisms to
the wrong hosts). I don't see an obvious solution to the client fix
though.



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] Vadim and Ceri DaviesRe[2]: [Exim] Report on Exim 4.12 and Openldap 2.1.10->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)