See comments below. Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net
We are actively looking for companies that do a lot of long distance faxing and want to cut their long distance bill by up to 50%. Contact [EMAIL PROTECTED] for more info. ----- Original Message ----- From: "David Guerizec" <[EMAIL PROTECTED]> To: "Jesse Guardiani" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Saturday, December 14, 2002 1:44 PM Subject: Re: tmda-ofmipd + vpopmail CRAM-MD5 problem > On Sat, 2002-12-14 at 18:23, Jesse Guardiani wrote: > > Then how do you explain this: > > > > > > + if nofallback and (remoteauth['enable'] or authprog): > > > > + # CRAM-MD5 does not work with remote login or authprog > > > > + self.__sasl_types = ['login', 'plain'] > > > > + else: > > > > + self.__sasl_types = ['login', 'cram-md5', 'plain'] > > > > self.__auth_cram_md5_ticket = '<%s.%s@%s>' % > > > > (random.randrange(10000), > > > > If I'm reading that correctly, you're saying that when 'nofallback' is > > enabled, > > CRAM-MD5 is disabled. WHY? CRAM-MD5 **DOES** work with SOME remote > > login servers. > > if nofallback AND either remoteauth or authprog; then CRAM-MD5 is > disabled *only* for tmda-ofmipd proxy. > > Let me clarify a bit: > A server can authenticate a client with cram-md5 if and only if the > server knows the plain text password. In the case of remote > authentication with tmda-ofmipd, the server needs the plain text > password to authenticate against IMAP (or any other protocole), but > doesn't know it until the client sends it. So the client needs to send > the password in plain text for the server to be able to do remote > authentication (same goes with --authprog). > > Note that tmda-ofmipd is a SMTP proxy, not an authentication proxy (ie. > it doesn't pass over to IMAP the cram-md5 token), and it can only > authenticate with plain text password with IMAP, so even if we enable > cram-md5 in tmda-ofmipd, it's not gonna use it anyway with the remote > authentication host (or this is handled transparently by the underlying > libraries). > > Hope that's clear. Ok. So let me see if I have this straight: tmda-ofmipd does NOT 'pass' the authentication string on to IMAP. Why? What DOES it do then? I'm confused. Thanks. > > David > > _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
