Pantek Library

Re: Using SASL with Postfix+virtual (mysql) - Stumbling at AUTH

From: Ronald MacDonald <ronald(at)rmacd.com>
Date: Sun Dec 30 2007 - 20:58:16 EST


On 30/12/2007, Patrick Ben Koetter <p@state-of-mind.de> wrote:
> Using plaintext passwords
> If you use plaintext passwords in your authentication backend you have access
> to shared-secret mechanisms such as DIGEST-MD5 and NTLM (Outlook and Outlook
> Express use and prefer NTLM over LOGIN), which adds security to the process of
> credential submission but takes it away at the authentication backend.
>
> Still you would want to protect the transmission of plaintext mechanisms if
> you allow them using smtpd_sasl_tls_security_options as described above.

So it would therefore basically be six or half dozen if I use TLS above SASL. I think that'll probably be what I'll do.

> Should I use plaintext or crypted passwords?
> It's up to you and your policy and what is possible with your userbase. My
> experience is, it's simpler to use plaintext mechanisms if I can't control
> the clients my users use. They will have to configure them and asking them to
> enable TLS sometimes seems to be just too much for some.

Unfortunately if you've already encrypted all your users' passwords using CRYPT - needs to be updated again.

Thanks for all your help with the SASL authentication, both Patrick and Wietse.

Kind regards,
Ronald.

-- 
Ronald MacDonald
http://www.rmacd.com/
0777 235 1655
Received on Sun Dec 30 20:59:06 2007
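
The trade-off discussed in this message, as an added example that is not part of the original thread: DIGEST-MD5 (RFC 2831) has the server recompute the client's response from the password itself, so it only works when the backend holds the plaintext, while PLAIN/LOGIN work against either storage format. The user, realm, nonce and URI values are constructed, and PBKDF2-SHA256 is an assumed stand-in for the CRYPT hashing mentioned above.

```python
import hashlib
import hmac
import os

def digest_md5_response(user, realm, password, nonce, cnonce,
                        digest_uri, nc="00000001", qop="auth"):
    """RFC 2831 response value; it is derived from the password itself."""
    secret = hashlib.md5(f"{user}:{realm}:{password}".encode()).digest()
    ha1 = hashlib.md5(secret + f":{nonce}:{cnonce}".encode()).hexdigest()
    ha2 = hashlib.md5(f"AUTHENTICATE:{digest_uri}".encode()).hexdigest()
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return hashlib.md5(kd.encode()).hexdigest()

def one_way(password, salt):
    """Assumed stand-in for a crypt(3)-style one-way hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def make_record(password, store_plaintext):
    """Build the backend row: either the plaintext or a salted one-way hash."""
    if store_plaintext:
        return {"kind": "plain", "password": password}
    salt = os.urandom(16)
    return {"kind": "hashed", "salt": salt, "hash": one_way(password, salt)}

def verify_plain(record, submitted):
    """PLAIN/LOGIN: the client sends the password, so both formats verify."""
    if record["kind"] == "plain":
        return hmac.compare_digest(record["password"].encode(),
                                   submitted.encode())
    return hmac.compare_digest(record["hash"],
                               one_way(submitted, record["salt"]))

def verify_digest_md5(record, user, realm, nonce, cnonce, digest_uri, response):
    """DIGEST-MD5: the server recomputes the response from the stored secret."""
    if record["kind"] != "plain":
        return None  # cannot be offered: no way back from hash to password
    expected = digest_md5_response(user, realm, record["password"],
                                   nonce, cnonce, digest_uri)
    return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    # Constructed sample exchange
    args = ("ronald", "example.com", "n0nce", "cn0nce", "smtp/mail.example.com")
    resp = digest_md5_response(args[0], args[1], "s3cret", *args[2:])
    for plaintext in (True, False):
        rec = make_record("s3cret", plaintext)
        print(rec["kind"], verify_plain(rec, "s3cret"),
              verify_digest_md5(rec, *args, resp))
```

With the hashed record only `verify_plain` can succeed, and because that mechanism sends the password itself over the connection, it is the case where the TLS protection mentioned in the quoted text matters.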

This archive was generated by hypermail 2.1.8 : Wed Jul 16 2008 - 09:22:10 EDT

