On Oct 28, 2004, at 12:02, Alan Thew wrote:
> On Wed, 27 Oct 2004 09:17 , Tor Slettnes <tor@???> said:
>> Alan J. Flavell wrote:
>>> (For some reason, it seems to be laptop Mac OS X users who can't get
>>> that right. Doesn't their mailer have any option to say
>>> "authenticated if available", in the way that more-familiar mailers
>>> such as Mozilla-family or PINE have? But I digress.)
>>
>> No. Authentication settings for outgoing servers in Mail.app are
>> "None", "Password", "MD5" (which means CRAM-MD5, unfortunately), and
>> Kerberos v4 and v5. Couldn't you have them always authenticate, even
>> when within your premises?
>
> I'm not a Mac user but OS 10.2 and above support authentication (our
> Mac users use it).
I do not think anyone disputed that.
On a side note, a one-size-fit-all "secure" authentication scheme is
somewhat of an elusive target. Your options are:
- TLS/SSL. Unfortunately, this requires that you get a SSL
server certificate from a "trusted" CA, such as Verisign
(this can be expensive for smaller / non-commerical outfits),
or that you sign with your own CA, and then guide your users
through installing your root certificate in various OSes/clients
(i.e. Windows/Outlook Express, Windows/Mozilla, Mac OS X Keychain..)
- CRAM-MD5, DIGEST-MD5 or Kerberos authentication.
This protects your password even over a non-encrypted connection,
but unfortunately, Outlook / Outlook Express do not support MD5
very well. If you choose to "Use Secure Password Authentication"
in the SMTP server properties, you need to re-enter your server
username/password every time you send a mail.
- Use Outlook "Secure Password Authentication" with a Windows domain
server. (That would be the MTA, and would only support Windows
clients).
-tor
