On Sat, 2002-12-14 at 18:23, Jesse Guardiani wrote: > Then how do you explain this: > > > > + if nofallback and (remoteauth['enable'] or authprog): > > > + # CRAM-MD5 does not work with remote login or authprog > > > + self.__sasl_types = ['login', 'plain'] > > > + else: > > > + self.__sasl_types = ['login', 'cram-md5', 'plain'] > > > self.__auth_cram_md5_ticket = '<%s.%s@%s>' % > > > (random.randrange(10000), > > If I'm reading that correctly, you're saying that when 'nofallback' is > enabled, > CRAM-MD5 is disabled. WHY? CRAM-MD5 **DOES** work with SOME remote > login servers.
if nofallback AND either remoteauth or authprog; then CRAM-MD5 is disabled *only* for tmda-ofmipd proxy. Let me clarify a bit: A server can authenticate a client with cram-md5 if and only if the server knows the plain text password. In the case of remote authentication with tmda-ofmipd, the server needs the plain text password to authenticate against IMAP (or any other protocole), but doesn't know it until the client sends it. So the client needs to send the password in plain text for the server to be able to do remote authentication (same goes with --authprog). Note that tmda-ofmipd is a SMTP proxy, not an authentication proxy (ie. it doesn't pass over to IMAP the cram-md5 token), and it can only authenticate with plain text password with IMAP, so even if we enable cram-md5 in tmda-ofmipd, it's not gonna use it anyway with the remote authentication host (or this is handled transparently by the underlying libraries). Hope that's clear. David _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
