[Top] [All Lists]

Re: Query Regarding CRAM-MD5 Authentication

2005-11-16 04:29:29

Vijayan wrote:

my server supports 3 types of authentications

The latter shouldn't work without STARTTLS.

for LOGIN and CRAM-MD5 server sends some encrypted data.

Encoded.  Base-64.  Nothing special, for a nice example see

"LOGIN" is no SASL mechanism, and "PLAIN" must not be used
outside of TLS, that leaves "CRAM-MD5" for ESMTPA in your

what to do with this encrypted data..??

For "CRAM-MD5" read the proposed standard (RfC 2195), it has
an example for IMAP.  If you're looking for some code I can
offer a REXX MD5 test suite (it also includes OTP and some
DIGEST-MD5 tests, but not the new I18N stringprep stuff):

any other mechanisms available that which SMTP Servers can

Sure, problem is that clients (MUAs) won't support it.  For
ESMTPA "CRAM-MD5" is the only game in town.  If that's not
good enough for your purposes you need ESMTPSA (S = secure),
or in other words TLS + PLAIN.
                              Bye, Frank

<Prev in Thread] Current Thread [Next in Thread>