On Mon, 15 Dec 2003, Guillaume Filion wrote:The plugin reads the file config/saslauth for the list of username and passwords. Unfortunately, we need put the plaintext password in the file because of a limitation in the SASL protocol. 8(
Isn't that only true if you implement the CRAM-MD5 mechanism? IOW, PLAIN
and LOGIN can be done without storing plaintext passwords. See, for
example mailfront and cvm at http://untroubled.org/.
Yes, but PLAIN and LOGIN are worse than storing plaintext passwords! 8) CRAM-MD5 has the advantage of not sending the password over the wire. SMTP over SSL might be an interesting solution.
Regards, GFK's -- Guillaume Filion, ing. jr Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/ PGP Key and more: http://guillaume.filion.org/
