geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick McGuire <>
Subject SMTP Authentication
Date Wed, 07 Dec 2005 16:37:17 GMT
I've looking at the issues of doing SMTP authentication, and after 
reading the SMTP spec, starting coding up a solution using the Java Sasl 
API, which was doing most of the heavy lifting for me.  This morning, 
however, I finally noticed the critical words in the Sasl 
Javadoc...."since Java 1.5".  Since we're not in a position to support 
Java 1.5 yet, that definitely tossed a speed bump in my path. 

LOGIN and PLAIN authentication are pretty simple to do without Sasl, and 
I believe I can also figure out how to do CRAM_MD5.  Other forms of 
authentication are probably a bit beyond my current experience with 
crypto/security.  How sophisticated do we need to be with this?  Are 
LOGIN and PLAIN sufficient (combined with TLS support)?  Note that this 
question also applies to the POP3 and IMAP implementations, since they 
also use Sasl authentication mechanisms.


View raw message