Re: [exim] Plain Authentication Failures

Author: Phil Pennock
Date:  
To: exim-users
Subject: Re: [exim] Plain Authentication Failures
On 2011-09-27 at 15:29 -0700, Brian Spraker wrote:
>     public_name = PLAIN


This should be used by most things except Outlook.

>     public_name = LOGIN


This is probably being used by Outlook.

>     server_condition = ${lookup mysql{SELECT user_uid FROM horde_users WHERE user_uid="$1" AND user_pass="$2"}{1}fail}


This is a MySQL injection attack vector because you're not using
quote_mysql, as you do in the PLAIN case.

> Just not understanding why it is working for those using Outlook without any troubles - but it isn't working with the Android device and causing issues for one of my providers using PHP to send messages.


SASLprep normalisation by the Android client or Outlook, and not by the
other? Are the users using non-ASCII characters in their passwords?

Or lack of normalisation and non-ASCII characters and different
character sets in use.

-Phil
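
Added example, not part of the original message or of Brian's configuration: the LOGIN authenticator's query as quoted above, next to the same query with both client-supplied values passed through Exim's `quote_mysql` expansion operator. The authenticator names and the `driver` and `server_prompts` lines are assumptions filled in so that the fragment is a complete authenticator; only `public_name` and `server_condition` come from the thread.

```exim
begin authenticators

# BEFORE (as quoted in the thread): $1 and $2 are the base64-decoded
# username and password sent by the client, placed inside the SQL string
# unescaped, so any quote character in them becomes part of the query.
#
# login_unquoted:                       # hypothetical name
#   driver = plaintext                  # assumed
#   public_name = LOGIN
#   server_prompts = Username:: : Password::   # assumed
#   server_condition = ${lookup mysql{SELECT user_uid FROM horde_users WHERE user_uid="$1" AND user_pass="$2"}{1}fail}

# AFTER: same query, but each value goes through ${quote_mysql:...},
# which backslash-escapes quotes, backslashes and control characters
# before the string reaches MySQL.
login_quoted:                           # hypothetical name
  driver = plaintext                    # assumed
  public_name = LOGIN
  server_prompts = Username:: : Password::     # assumed
  server_condition = ${lookup mysql{SELECT user_uid FROM horde_users WHERE user_uid="${quote_mysql:$1}" AND user_pass="${quote_mysql:$2}"}{1}fail}
```

Every authenticator that builds a MySQL query from client input needs the same quoting, since a client can pick whichever advertised mechanism it likes.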