Re: CRAM-SHA1 sucks. was: [courier-users] ESMTP Auth and LDAP problems

Sam Varshavchik Thu, 20 Feb 2003 15:36:05 -0800

Jason Haar writes:

On Thu, Feb 20, 2003 at 10:36:47AM +0000, Brian Candler wrote:
Pretty much, although there is a way to mitigate that: let a different box
handle the SASL exchange for you.
You mean if I compromise the Courier server and reconfigure it to use PLAIN
passwords, the client will notify the user that a configuration change has
occured, so that they don't send their password?
I don't think so ;-)

... and you'd be wrong :-) Robust clients can certainly be programmed to require SASL CRAM authentication, or encryption, and notify the user if the server doesn't support it.

-------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: CRAM-SHA1 sucks. was: [courier-users] ESMTP Auth and LDAP problems

Reply via email to