From my experience, most servers and clients are just using LOGIN and PLAIN with TLS sometimes. I'm not very familiar with Sasl; can you explain how it fits into a mail client or server?

Thanks,

-dain

On Dec 7, 2005, at 8:37 AM, Rick McGuire wrote:

I've been looking at the issues of doing SMTP authentication, and after reading the SMTP spec, started coding up a solution using the Java Sasl API, which was doing most of the heavy lifting for me. This morning, however, I finally noticed the critical words in the Sasl Javadoc... "since Java 1.5". Since we're not in a position to support Java 1.5 yet, that definitely tossed a speed bump in my path. LOGIN and PLAIN authentication are pretty simple to do without Sasl, and I believe I can also figure out how to do CRAM_MD5. Other forms of authentication are probably a bit beyond my current experience with crypto/security. How sophisticated do we need to be with this? Are LOGIN and PLAIN sufficient (combined with TLS support)? Note that this question also applies to the POP3 and IMAP implementations, since they also use Sasl authentication mechanisms.

Rick
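
An added example, not part of either message above and not the project's code: building the client responses for AUTH PLAIN (RFC 4616) and AUTH CRAM-MD5 (RFC 2195) without javax.security.sasl. The class name `SmtpAuthSketch` is hypothetical, and `java.util.Base64` (Java 8+) is assumed for brevity; a Java 1.4 build would need its own Base64 codec, while `javax.crypto.Mac` is available there.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SmtpAuthSketch {

    // AUTH PLAIN (RFC 4616): base64("authzid NUL authcid NUL password").
    // The password is only encoded, not protected, so send it over TLS only.
    static String plainResponse(String authzid, String user, String password) {
        String msg = authzid + '\0' + user + '\0' + password;
        return Base64.getEncoder().encodeToString(msg.getBytes(StandardCharsets.UTF_8));
    }

    // AUTH CRAM-MD5 (RFC 2195): the server sends a base64 challenge; the client
    // answers base64("user SP hex(HMAC-MD5(key=password, data=challenge))").
    static String cramMd5Response(String user, String password, String b64Challenge)
            throws GeneralSecurityException {
        byte[] challenge = Base64.getDecoder().decode(b64Challenge);
        Mac mac = Mac.getInstance("HmacMD5");
        mac.init(new SecretKeySpec(password.getBytes(StandardCharsets.UTF_8), "HmacMD5"));
        byte[] digest = mac.doFinal(challenge);
        StringBuilder reply = new StringBuilder(user).append(' ');
        for (byte b : digest) {
            reply.append(String.format("%02x", b & 0xff)); // lowercase hex per RFC 2195
        }
        return Base64.getEncoder().encodeToString(
                reply.toString().getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Sample user, shared secret and challenge as in the RFC 2195 example.
        String user = "tim";
        String password = "tanstaaftanstaaf";
        String challenge = Base64.getEncoder().encodeToString(
                "<1896.697170952@postoffice.reston.mci.net>".getBytes(StandardCharsets.UTF_8));
        System.out.println("AUTH PLAIN " + plainResponse("", user, password));
        System.out.println("CRAM-MD5 challenge: " + challenge);
        System.out.println("CRAM-MD5 response:  " + cramMd5Response(user, password, challenge));
    }
}
```

LOGIN differs from PLAIN only in sending the Base64-encoded user name and password as two separate replies to the server's prompts, so it carries the same requirement for TLS.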
