On 24.11.2008, at 07:31, Phil Pennock <exim-users@???> wrote:
>> 2. Is the realm stuff required for DIGEST-MD5?
>
> Yes. The realm is used in the authentication protocol. The server
> sends a challenge which includes the realm that it is in, so needs to
> know the realm to tell the user before the user has supplied their
> usercode.
Ok, I see. So there can be only one realm on the server side.
What about the client? If Outlook uses DIGEST-MD5 is there a way to specify the realm it should use? Or is the realm always derived from the user-name/email address being the domain part?
And one other question: Is it possible to set up different authentication protocols in Outlook? I didn't find a way to tell it to use CRAM-MD5.
> You don't, on the same port. Further, it's not (currently) an expanded
> string. There's not currently a way for the client to tell the server,
> ahead of time, what host it thinks it connected to, short of listening
> on multiple IP addresses. You might want to file a feature request for
> server_realm to be expanded to support that.
Just to be sure I understand this correctly: If the client isn't sending anything upfront, the server can't know which realm to send to the client if it's the server being the first to send the realm information. How would your suggestion change this?
And, how and where can I file a feature request?
>> The only change I see at the moment is, to make user names not based on the
>> email address but use a realm that is the same for all users.
>
> Yes, you need to go that route.
Ok, at least this makes a workaround possible.
> Older protocols rely on the server to know what it is, instead of
> allowing virtual hosting, which makes things awkward for the people who
> need to run the actual systems.
Are there any newer protocols that don't have this problem that I can use with Exim, SASL and Outlook users?
Thanks a lot.
--
Robert M. Münch
http://www.robertmuench.de
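
The realm's role in the exchange discussed above, as an added example that is not part of the original message: the realm arrives in the server's first challenge and is hashed together with the username and password, so a response computed against a different realm cannot match. The challenge, nonces and password are the sample exchange from RFC 2831 section 4; `mail.example.org` is a constructed value, and ASCII credentials are assumed.

```python
import hashlib
import re

# Sample digest-challenge from RFC 2831 section 4 (sent by the server first,
# before the client has named any user).
CHALLENGE = ('realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",'
             'qop="auth",algorithm=md5-sess,charset=utf-8')

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def parse_challenge(challenge: str) -> dict:
    """Split a digest-challenge into directives (quoted or bare values)."""
    pairs = re.findall(r'([\w-]+)=(?:"([^"]*)"|([^,]*))', challenge)
    return {key: (quoted if quoted else bare) for key, quoted, bare in pairs}

def digest_response(user, realm, password, nonce, cnonce, nc, qop, digest_uri):
    """Client response per RFC 2831 section 2.1.2.1 (no authzid).

    Assumption: credentials are ASCII, so the charset rules do not matter.
    """
    # The realm is bound into the innermost hash together with the password.
    secret = md5(f"{user}:{realm}:{password}".encode("utf-8"))
    a1 = secret + f":{nonce}:{cnonce}".encode("ascii")
    a2 = f"AUTHENTICATE:{digest_uri}".encode("ascii")
    ha1, ha2 = md5(a1).hex(), md5(a2).hex()
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode("ascii")).hex()

def respond(challenge: str, realm_override=None) -> str:
    """Answer the challenge as user 'chris'/'secret' (RFC 2831 sample values)."""
    fields = parse_challenge(challenge)
    realm = realm_override or fields["realm"]
    return digest_response("chris", realm, "secret", fields["nonce"],
                           "OA6MHXh6VqTrRk", "00000001", "auth",
                           "imap/elwood.innosoft.com")

if __name__ == "__main__":
    print("realm offered by server:", parse_challenge(CHALLENGE)["realm"])
    print("response, server's realm:", respond(CHALLENGE))
    # Constructed realm: same user and password, but the hash no longer matches.
    print("response, other realm:   ", respond(CHALLENGE, "mail.example.org"))
```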