On Oct 2, 2006, at 10:18 PM, John Peacock wrote:
Brian Szymanski wrote:
I want to restrict my auth handlers for plain and login to secure
(SSL
or TLS) connections, so that CRAM-MD5 is the only one that can be
used
with plaintext.
The recommended way to deal with that is to run branches/0.3x and
use the file
config/tls_before_auth config, which (if 0), only displays AUTH
*after* tls has
been enabled. Then you can support whatever AUTH mechanisms you
like, in
perfect safety. The majority of modern MUA's support TLS, so this
shouldn't be
a stretch.
Unless I'm missing something, this doesn't work with connections on
port 465 (SSL instead of STARTTLS), which is something we need to
support.
The entire AUTH framework, along with the TLS code, is due for a
rewrite, but
this really depends strongly on the wind blowing in exactly the
correct
direction for sufficient time to allow me time to do it... ;-)
Yeah, I'm getting that. Let me know how I can be of assistance.
Cheers,
B
---
Brian Szymanski
[EMAIL PROTECTED]
