Re: [Exim] restricting AUTH Plain/Login to TLS connectionsy

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Derek Simkowiak
Data:  
Para: Giuliano Gavazzi
CC: Matt Bernstein, exim-users
Assunto: Re: [Exim] restricting AUTH Plain/Login to TLS connectionsy
> >The server can advertise the EXTERNAL mechanism (using the plaintext
> >authenticator) iff it has succesfully verified a client certificate.
>
> wow, you *are* strict! You verify a client certificate *and* require
> authentication. Or perhaps you did not mean client certificate?


    That is not particularly strict.  For anything close to "high"
security, I'd see that as necessary.


    If your laptop (with installed client-cert) gets stolen at the
Airport, the thief has access all the services until your I.T. department
revokes that cert.  (Or if someone breaks into your office, etc.)


    You should at least require a memorized password in addition to
the client cert.  But passwords are easily caught; a handicam with a big
zoom lens does the trick.  Bigger companies usually require a SecurID
token or biometric (i.e. handprint).  For a cool toy see
http://www.thinkgeek.com/gadgets/security/5a6c/.



--Derek