On 2015-09-05 12:03, Jeremy Harris wrote:
> On 05/09/15 19:54, AC wrote:
>> Until this thread I didn't know that the
>> password is base64 encoded in the AUTH PLAIN debug output (before it's
>> printed as plain text in $auth3 otherwise). I assumed it was a hashed
>> string so I didn't expect it to match every time.
>
> Because of this, restricting plaintext auth methods to encrypted
> connections is a good move.

Yes, I would agree. I have mine set up to use a TLS encrypted
connection started by STARTTLS. Is there a way to combine the SASL
authentication with a hashing algorithm or is STARTTLS+PLAIN sufficient?
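
An added example, not part of the original message or of any project's code: the AUTH PLAIN response is base64 of `authzid NUL authcid NUL password` (RFC 4616), so it decodes directly rather than being a hash, and this sketch redacts such credentials from a debug transcript before it is shared. The log line format, the `SMTP<<`/`SMTP>>` prefixes and the sample credential are constructed assumptions.

```python
import base64
import binascii
import re

# Matches "AUTH PLAIN <base64>" as it might appear in an SMTP debug transcript.
AUTH_PLAIN_RE = re.compile(r"(AUTH\s+PLAIN\s+)([A-Za-z0-9+/]+={0,2})", re.IGNORECASE)


def decode_auth_plain(token):
    """Return (authzid, authcid, password), or None if token is not a PLAIN response."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    parts = raw.split(b"\x00")
    if len(parts) != 3:  # RFC 4616: exactly two NUL separators
        return None
    try:
        return tuple(p.decode("utf-8") for p in parts)
    except UnicodeDecodeError:
        return None


def redact_line(line):
    """Replace a decodable AUTH PLAIN credential, keeping only the username."""
    def _sub(match):
        fields = decode_auth_plain(match.group(2))
        if fields is None:
            return match.group(0)  # e.g. a capability line; leave untouched
        return f"{match.group(1)}[REDACTED user={fields[1]}]"
    return AUTH_PLAIN_RE.sub(_sub, line)


# Constructed sample: the credential is built here, not taken from any real log.
SAMPLE_TOKEN = base64.b64encode(b"\x00alice\x00example-password").decode()
SAMPLE_LOG = [
    "SMTP>> 250-AUTH PLAIN LOGIN",
    f"SMTP<< AUTH PLAIN {SAMPLE_TOKEN}",
    "SMTP>> 235 Authentication succeeded",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(redact_line(entry))
```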