Loading ...
Sorry, an error occurred while loading the content.

212225Re: SASL vs. M$ Outlook and Outlook Express

Expand Messages
  • Tony Earnshaw
    Jan 1, 2007
    • 0 Attachment
      Magnus B├Ąck wrote:


      > No, that's not okay. The Microsoft-style LOGIN mechanism is missing.
      > More recent Microsoft clients may support the PLAIN mechansim as well,
      > but since people may be running older software I'd say it's a
      > requirement to provide both PLAIN and LOGIN.


      > While the OP is fixing LOGIN, I suggest he fixes support for CRAM-MD5
      > and DIGEST-MD5 as well so that clients won't be forced to send passwords
      > in the clear.

      Sending passwords in the clear can be avoided with TLS c.q. SSL.

      Also, unfortunately at the last count (beta < 1) Dovecot didn't support
      CRAM-MD5 or DIGEST-MD5 - just as it didn't support many of the things
      that are possible with Cyrus and on the IMAP level Courier
      IMAP/maildrop. Getting CRAM-MD5 and DIGEST-MD5 to work with Postfix (at
      least with Cyrus SASL) means using auxprop and in our case with an LDAP
      base, ldapdb.

      I'd be happy to learn that things on the Dovecot front have improved
      since last April or so and that it now does support both, though without
      LDAP-based maildrop (and the underlying authlib service) the mail
      service that we offer at our site would be impossible.


      Tony Earnshaw
      Email: tonni at hetnet.nl
    • Show all 25 messages in this topic