Re: [exim] Exim4 + fixed_cram

Top Page
This message is part of the following thread:
M--\the complete thread tree sorted by date
M-\MPhil Pennock at <-
M\MMbasti at ->
Delete this message
Reply to this message
Author: Jan Ingvoldstad
Date:  
To: exim users
Subject: Re: [exim] Exim4 + fixed_cram
On Thu, Jan 23, 2014 at 9:05 AM, Phil Pennock <pdp@???> wrote:

>
> This is not usable with CRAM-MD5. CRAM-MD5 requires access to the
> cleartext password. If you use DIGEST-MD5 instead, then you can use a
> stored form which is a particular MD5-transformation of the password,
> but still not the current scheme. If you're going down this path, then
> look to see if the clients support SCRAM auth and how you might store
> multiple hash transforms of the password in your database.
>
> Ideally, SCRAM-SHA-1-PLUS (for channel-binding) else SCRAM-SHA-1.
>

Do you (or anyone) know of a reliable list of MUAs supporting and not
supporting which of these features?

Typically, someone offering authenticated SMTP is more or less forced to
cater for a huge variety. :(

I'm thinking that a viable solution is to have different MUA-facing
servers, with different feature sets and requirements, depending on the MUA.

outlook.smtp.mydomain.example :)
--
Jan
This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Exim4 + fixed_cramRe: [exim] Exim4 + fixed_cram->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)