But Fred - there are plain text authenticators and if you use SSL then
it's encrypted. These can call to Cyrus SASL which on my setup talks to
IMAP using the rimap setting. My point is - why does Exim bother with
talking to SASL which talks to IMAP when it could - in theory - talk to
IMAP directly and eliminate the SASL layer?
It's a simplicity thing.
Fred Viles wrote:
>On 1 Aug 2005 at 11:32, Marc Perkel wrote about
> "Re: [exim] Why doesn't Exim authent":
>
>| Fred Viles wrote:
>|...
>| >FYI, it wouldn't work with CRAM-MD5 or other one-way-hash SASL
>| >mechanisms. The password would not be available for exim to pass to
>| >the IMAP server.
>|...
>| Why wouldn't the password be available?
>
>RTFRFC (RFC 2195, according to spec.txt).
>
>The client does not send the password in plaintext (that's a GOOD
>thing). It sends a cryptographic hash made from the password and the
>challenge string sent by the server. The server can't recover the
>plain text password from the hash (it's a one-way hash), it has to
>have the plain text password already to hand so it can hash it
>itself, and verify that the client sent the expected hash.
>
>- Fred
>
--
Marc Perkel - marc@???
Spam Filter: http://www.junkemailfilter.com
My Blog: http://marc.perkel.com
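
The CRAM-MD5 exchange discussed in this thread, as an added example that is not part of the original messages. It uses the sample user, password and challenge from RFC 2195; the function names and the second challenge are assumptions made for illustration. It shows that the verifier needs the shared secret itself, and that a relay holding only the client's response has nothing it can present to a backend IMAP server.

```python
import base64
import hashlib
import hmac

# Sample values from RFC 2195, section 2.
RFC_USER = "tim"
RFC_PASSWORD = "tanstaaftanstaaf"
RFC_CHALLENGE = "<1896.697170952@postoffice.reston.mci.net>"


def cram_md5_response(user, password, challenge):
    """Client side: HMAC-MD5 keyed with the password over the server challenge."""
    digest = hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def server_verify(stored_passwords, challenge, response_b64):
    """Server side: recompute the digest from the stored secret and compare."""
    user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    password = stored_passwords.get(user)
    if password is None:
        return False
    expected = hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def relay_response_to_backend(response_b64, backend_challenge, backend_passwords):
    """A relay (hypothetical) that only saw the response forwards it to a backend.

    The backend issues its own challenge, so the digest computed over the
    front-end challenge does not verify, and the relay never saw a password
    it could use for a plain IMAP LOGIN instead.
    """
    return server_verify(backend_passwords, backend_challenge, response_b64)


if __name__ == "__main__":
    users = {RFC_USER: RFC_PASSWORD}
    resp = cram_md5_response(RFC_USER, RFC_PASSWORD, RFC_CHALLENGE)
    print("client response:", resp)
    print("front end verifies:", server_verify(users, RFC_CHALLENGE, resp))
    # Constructed backend challenge, different from the one the client answered.
    backend_challenge = "<42.1122893552@imap.example.invalid>"
    print("relayed to backend:", relay_response_to_backend(resp, backend_challenge, users))
```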