On Tue, May 21, 2002 at 06:47:07PM -0700, Gordon Messmer wrote: > > define(`confAUTH_OPTIONS', `A')dnl > > TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl > > define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl > > > > This works just fine and authenticates a user against a system account. > > > > Can anyone confirm this is sent via plain text? I'm pretty sure it is. > > Assuming it is how can SASL support some kind of encryption? Or how can > > I make itauthenticate against /etc/sasldb > > IIRC, LOGIN and PLAIN are plain-text and should not be used. If you > remove them, and advertise only DIGEST-MD5 and CRAM-MD5, clients should > use them.
LOGIN and PLAIN are safe if used over TLS. I believe sendmail also has support for TLS now. -- Anand Buddhdev Personal site: http://anand.org _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
