Order of SASL2 methods announced? (Cyrus IMAPD2)
Rob Siemborski
rjs3 at andrew.cmu.edu
Fri Sep 12 09:34:47 EDT 2003
On Fri, 12 Sep 2003, Pascal Gienger wrote:
> We have some kind of - problem.
>
> We try to understand HOW the different SASL plugins are ordered when doing
> an announcement (. CAPABILITY).
Mostly randomly. Somewhat based on the order the plugin is loaded.
Security requirements of SASL basically dictate that the client ignore the
order they are advertised.
> The problem arises (again) with Microsoft Outlook and Outlook Express.
>
> Outlook breaks when "AUTH=NTLM" is not the FIRST method announced! It gives
> me an error saying "DIGEST-MD5: authentication failed" in Outlook (sure,
> Microsoft products only handle GSSAPI, NTLM and plaintext).
So, if you don't want to use DIGEST (or whatever), restrict what is
advertised with sasl_mech_list.
-Rob
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
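
The client-side behaviour described in the reply above, as an added example that is not part of the original message and is not Cyrus or Outlook code: the client picks a mechanism from its own preference list and never consults the order in the CAPABILITY response. The preference ranking, the function names and the sample CAPABILITY lines are assumptions constructed for illustration.

```python
# Client-side SASL mechanism selection from an IMAP CAPABILITY response.
# The preference list is this example's assumption, not a Cyrus default.
CLIENT_PREFERENCE = ["GSSAPI", "DIGEST-MD5", "NTLM", "PLAIN"]  # most preferred first


def parse_auth_mechs(capability_line):
    """Return the set of SASL mechanisms in a '* CAPABILITY ...' line."""
    tokens = capability_line.strip().split()
    if len(tokens) < 2 or tokens[0] != "*" or tokens[1].upper() != "CAPABILITY":
        raise ValueError("not an untagged CAPABILITY response")
    mechs = set()
    for tok in tokens[2:]:
        name, sep, value = tok.partition("=")
        if sep and name.upper() == "AUTH" and value:
            mechs.add(value.upper())
    # A set is returned on purpose: the server's ordering is discarded here.
    return mechs


def choose_mechanism(capability_line, supported=CLIENT_PREFERENCE, tls_active=False):
    """Pick the client's most-preferred mechanism that the server offers.

    PLAIN is skipped unless the connection is already protected by TLS.
    Returns None when there is no acceptable overlap.
    """
    offered = parse_auth_mechs(capability_line)
    for mech in supported:
        if mech == "PLAIN" and not tls_active:
            continue
        if mech in offered:
            return mech
    return None


# Constructed sample responses: same mechanisms, different order.
ORDER_A = "* CAPABILITY IMAP4rev1 AUTH=DIGEST-MD5 AUTH=NTLM AUTH=PLAIN"
ORDER_B = "* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=NTLM AUTH=DIGEST-MD5"
# Constructed response from a server whose mechanism list was restricted.
RESTRICTED = "* CAPABILITY IMAP4rev1 AUTH=NTLM AUTH=PLAIN"

if __name__ == "__main__":
    for line in (ORDER_A, ORDER_B, RESTRICTED):
        print(choose_mechanism(line), "<-", line)
```

A client that only implements NTLM and PLAIN would pass `supported=["NTLM", "PLAIN"]` and get NTLM from any of the three responses, whatever position it is advertised in.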