geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dain Sundstrom <>
Subject Re: SMTP Authentication
Date Wed, 07 Dec 2005 17:27:37 GMT
 From my experience, most servers and clients are just using LOGIN  
and PLAIN with TLS sometimes.  I'm not very familiar with Sasl; can  
you explain how it fits into a mail client or server?



On Dec 7, 2005, at 8:37 AM, Rick McGuire wrote:

> I've looking at the issues of doing SMTP authentication, and after  
> reading the SMTP spec, starting coding up a solution using the Java  
> Sasl API, which was doing most of the heavy lifting for me.  This  
> morning, however, I finally noticed the critical words in the Sasl  
> Javadoc...."since Java 1.5".  Since we're not in a position to  
> support Java 1.5 yet, that definitely tossed a speed bump in my path.
> LOGIN and PLAIN authentication are pretty simple to do without  
> Sasl, and I believe I can also figure out how to do CRAM_MD5.   
> Other forms of authentication are probably a bit beyond my current  
> experience with crypto/security.  How sophisticated do we need to  
> be with this?  Are LOGIN and PLAIN sufficient (combined with TLS  
> support)?  Note that this question also applies to the POP3 and  
> IMAP implementations, since they also use Sasl authentication  
> mechanisms.
> Rick

View raw message