Marc Haber <[EMAIL PROTECTED]> writes:
> On Sat, Mar 19, 2005 at 05:39:52AM +0100, Juergen Kreileder wrote:
>> I've tested two more methods with smtptest:
>>
>> ,----
>>> ntlm_sasl_server:
>>> driver = cyrus_sasl
>>> public_name = NTLM
>>> server_realm = <short main hostname>
>>> ## don't send system passwords over unencrypted connections
>>> #server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
>>> server_set_id = $1
>>>
>>> digest_md5_sasl_server:
>>> driver = cyrus_sasl
>>> public_name = DIGEST-MD5
>>> server_realm = <short main hostname>
>>> ## don't send system passwords over unencrypted connections
>>> #server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
>>> server_set_id = $1
>> `----
>
> So you're suggesting to put these below the login_sasl_server
> authenticator in 30_exim4-config_examples, as seen in
> http://svn.debian.org/wsvn/pkg-exim4/exim/trunk/debian/debconf/conf.d/auth/30_exim4-config_examples?op=file&rev=0&sc=0,
> right?
The order doesn't really matter, it's up to the client to choose one
of the availabe mechs for authentication.
The only important point is 'server_advertise_condition = ...',
authenticators with that line will only be available after STARTTLS.
Others will be available over unencrypted connections too.
Juergen
--
Juergen Kreileder, Blackdown Java-Linux Team
http://blog.blackdown.de/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
