Re: IMAP plain text authentication
- From: Pawel Salek <pawsa theochem kth se>
- To: Myroslava Dzikovska <myros cs rochester edu>
- Cc: balsa-list gnome org
- Subject: Re: IMAP plain text authentication
- Date: Wed, 24 Oct 2001 20:13:56 +0200
On 2001.10.24 17:40 Myroslava Dzikovska wrote:
> Oh, I should have mentioned this. I have no problems connecting with
> Netscape 4.77 from the same machine. Also, older Balsa (1.0.0) still
> complains that CRAM-MD5 authentication failed, but lets me see the
> mailbox.
The capabilities list would be useful to confirm my theory about it. I
think the server advertises as being capable to do CRAM-MD5. Older balsa
tried first CRAM-MD5 and when it failed, tried LOGIN.
The current balsa stops the authentication process if CRAM-MD5 fails - and
it
makes sense. I think there are some cracking schemes (downgrading attacks)
that attempt to enforce weakest authentication method available. The
algorithm balsa uses now (i.e. use strongest method available, or fail)
protects against it.
The bottom line is: one should verify if the server claims to support
CRAM-MD5. If it does, you will need to talk to you system administrator.
But please, start from verifying the server capabilities.
/Pawel
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]