Re: IMAP plain text authentication

From: Pawel Salek <pawsa theochem kth se>
To: Myroslava Dzikovska <myros cs rochester edu>
Cc: balsa-list gnome org
Subject: Re: IMAP plain text authentication
Date: Wed, 24 Oct 2001 20:13:56 +0200

On 2001.10.24 17:40 Myroslava Dzikovska wrote:
> Oh, I should have mentioned this. I have no problems connecting with
> Netscape 4.77 from the same machine. Also, older Balsa (1.0.0) still
> complains that CRAM-MD5 authentication failed, but lets me see the
> mailbox.

The capabilities list would be useful to confirm my theory about it. I
think the server advertises as being capable to do CRAM-MD5. Older balsa
tried first CRAM-MD5 and when it failed, tried LOGIN.

The current balsa stops the authentication process if CRAM-MD5 fails - and 
it
makes sense. I think there are some cracking schemes (downgrading attacks) 
that attempt to enforce weakest authentication method available. The 
algorithm balsa uses now (i.e. use strongest method available, or fail) 
protects against it.

The bottom line is: one should verify if the server claims to support 
CRAM-MD5. If it does, you will need to talk to you system administrator. 
But please, start from verifying the server capabilities.

/Pawel

Follow-Ups:
- Re: IMAP plain text authentication
  - From: Myroslava Dzikovska
- Re: IMAP plain text authentication
  - From: Myroslava Dzikovska

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]