Hi!

On Mon, 01 Dec 2014 12:55:44 +0000, [email protected] wrote:
> I do not know anything helpful about GSSAPI, but I wonder if you
> could add a few words to your statement of mailservers only
> supporting GSSAPI NTLM and LOGIN being problematic.

GSSAPI is only usable in special situations (Kerberos setup).

Neither NTLM nor LOGIN are standardized; both are Microsoft extensions and as such were never properly documented.

NTLM was at one time intended to be secure (in the sense that an eavesdropper cannot steal the password even in the absence of TLS encryption), but has long since been shown to be broken.

LOGIN is as simple as the standard PLAIN method and therefore trivial enough to implement for everyone, but it is actually worse than PLAIN, since it requires one additional round trip, so there really was no point in "inventing" it.

If a server uses user/password authentication, then PLAIN is really the only method that needs to be supported, since nowadays an SMTP session should be protected by TLS encryption anyway.

If a server wants to offer an additional user/password authentication scheme that does not reveal the password even in the absence of TLS encryption, then it should offer the properly standardized and documented SCRAM-SHA1. Disadvantage to PLAIN: the server must know the clear text password; storing a hash is not enough. This means a larger risk for attacks.

For the special case of authentication via TLS client certificates, method EXTERNAL may be used.

These three methods are really the only useful ones now, as far as I can see.

More information on all the different methods:
http://www.gnu.org/software/gsasl/manual/html_node/Mechanisms.html#Mechanisms

Regards,
Martin
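The PLAIN versus LOGIN comparison made in the message above, as an added example that is not part of the original post or of msmtp: it builds both SMTP AUTH exchanges in the same form (no initial response), counts the round trips, and decodes what is readable on the wire when the session is not wrapped in TLS. The credentials are constructed sample values, and the LOGIN prompts are the ones commonly seen in practice, which is an assumption since LOGIN has no standard.

```python
import base64

def b64(text: str) -> str:
    return base64.b64encode(text.encode("utf-8")).decode("ascii")

def plain_exchange(user: str, password: str):
    """AUTH PLAIN (RFC 4616 via RFC 4954): one message, NUL-separated fields."""
    token = b64(f"\0{user}\0{password}")  # empty authzid, then authcid, passwd
    return [("C", "AUTH PLAIN"),
            ("S", "334 "),                # empty server challenge
            ("C", token),
            ("S", "235 2.7.0 Authentication successful")]

def login_exchange(user: str, password: str):
    """AUTH LOGIN: user name and password travel in two separate steps."""
    return [("C", "AUTH LOGIN"),
            ("S", "334 " + b64("Username:")),
            ("C", b64(user)),
            ("S", "334 " + b64("Password:")),
            ("C", b64(password)),
            ("S", "235 2.7.0 Authentication successful")]

def round_trips(transcript) -> int:
    # Each client line is answered by exactly one server line.
    return sum(1 for side, _ in transcript if side == "C")

def decode_client_data(transcript):
    """Fields recoverable from the client lines if no TLS protects the session."""
    fields = []
    for side, line in transcript:
        if side == "C" and not line.startswith("AUTH "):
            raw = base64.b64decode(line).decode("utf-8")
            fields.extend(part for part in raw.split("\0") if part)
    return fields

if __name__ == "__main__":
    # Constructed sample credentials, not taken from any real system.
    user, password = "alice@example.org", "constructed-sample-pw"
    for name, build in (("PLAIN", plain_exchange), ("LOGIN", login_exchange)):
        transcript = build(user, password)
        print(f"--- {name}: {round_trips(transcript)} round trips")
        for side, line in transcript:
            print(f"{side}: {line}")
        print("readable without TLS:", decode_client_data(transcript))
```

Both mechanisms carry the password as plain base64, so the only difference the transcript shows is the extra round trip that LOGIN needs.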
