212225Re: SASL vs. M$ Outlook and Outlook Express
- Jan 1, 2007Magnus Bäck wrote:
> No, that's not okay. The Microsoft-style LOGIN mechanism is missing.Yep
> More recent Microsoft clients may support the PLAIN mechansim as well,
> but since people may be running older software I'd say it's a
> requirement to provide both PLAIN and LOGIN.
> While the OP is fixing LOGIN, I suggest he fixes support for CRAM-MD5Sending passwords in the clear can be avoided with TLS c.q. SSL.
> and DIGEST-MD5 as well so that clients won't be forced to send passwords
> in the clear.
Also, unfortunately at the last count (beta < 1) Dovecot didn't support
CRAM-MD5 or DIGEST-MD5 - just as it didn't support many of the things
that are possible with Cyrus and on the IMAP level Courier
IMAP/maildrop. Getting CRAM-MD5 and DIGEST-MD5 to work with Postfix (at
least with Cyrus SASL) means using auxprop and in our case with an LDAP
I'd be happy to learn that things on the Dovecot front have improved
since last April or so and that it now does support both, though without
LDAP-based maildrop (and the underlying authlib service) the mail
service that we offer at our site would be impossible.
Email: tonni at hetnet.nl
- << Previous post in topic Next post in topic >>