On Wed, 22 Jan 2003 10:45:37 -0800 "Jason R. Mastaler" <[EMAIL PROTECTED]> wrote:
> Update of /cvsroot/tmda/tmda/bin > In directory sc8-pr-cvs1:/tmp/cvs-serv10739/bin > > Modified Files: > ChangeLog tmda-ofmipd > Log Message: > Remove CRAM-MD5 from the published SASL types if using the > `--authprog' or `--remoteauth' options. This is because after the > client has authenticated via CRAM-MD5, the username/password pair is > no longer available to use for authentication with a remote service > like an IMAP server. Most MUAs will choose CRAM-MD5 is offered, but > can use LOGIN or PLAIN if it's not available. Actually this is wrong in the current implementation, cause you may want to keep CRAM-MD5 if you want some users to authenticate against /etc/tofmipd, while some others authenticate against -R ldap or -A chkpasswd. We need to decide if we force disabling /etc/tofmipd authentication when using -R and/or -A, or if we provide a new flag for the user to specify she doesn't want to fallback to /etc/tofmipd auth. I'm all for the second option and I've already made a patch that adds a -n/--nofallback flag to tmda-ofmipd. I'll commit it if this option is voted. David _________________________________________________ tmda-workers mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-workers
