geronimo-dev mailing list archives

From Dain Sundstrom <>
Subject Re: SMTP Authentication
Date Wed, 07 Dec 2005 19:02:55 GMT
The best comparison chart I could find on this is http:// and it's from 23.10.2000,
so about 5 years old.  Anyway, it looks like if we can get LOGIN,
PLAIN, CRAM-MD5 and DIGEST-MD5 working with STARTTLS, we will have
the basics covered.


On Dec 7, 2005, at 9:45 AM, Rick McGuire wrote:

> SASL is the challenge/response algorithm for simple server
> authentication (Simple Authentication and Security Layer).  The
> SMTP spec on authentication defines everything in terms of SASL
> operations (
> Even PLAIN and LOGIN are SASL operations.  The Java SASL API added
> in 5.0 provides a nice extendable framework for SASL operations
> with support for a lot more than the simple operations.  http://
> Using the SASL APIs is very nice, as it would allow Geronimo to
> support almost anything a server would throw at us for free, as
> long as it was a mechanism supported by the security provider
> implementation.
> Anyway, I've got code for LOGIN and PLAIN already written, and am
> almost done with a CRAM-MD5 version.  This sounds like it will be
> sufficient for the short term.
> Rick
> Dain Sundstrom wrote:
>> From my experience, most servers and clients are just using LOGIN
>> and PLAIN with TLS sometimes.  I'm not very familiar with SASL;
>> can you explain how it fits into a mail client or server?
>> Thanks,
>> -dain
>> On Dec 7, 2005, at 8:37 AM, Rick McGuire wrote:
>>> I've been looking at the issues of doing SMTP authentication, and
>>> after reading the SMTP spec, started coding up a solution using
>>> the Java SASL API, which was doing most of the heavy lifting for
>>> me.  This morning, however, I finally noticed the critical words
>>> in the SASL Javadoc...."since Java 1.5".  Since we're not in a
>>> position to support Java 1.5 yet, that definitely tossed a speed
>>> bump in my path.
>>> LOGIN and PLAIN authentication are pretty simple to do without
>>> SASL, and I believe I can also figure out how to do CRAM-MD5.
>>> Other forms of authentication are probably a bit beyond my
>>> current experience with crypto/security.  How sophisticated do
>>> we need to be with this?  Are LOGIN and PLAIN sufficient
>>> (combined with TLS support)?  Note that this question also
>>> applies to the POP3 and IMAP implementations, since they also
>>> use SASL authentication mechanisms.
>>> Rick
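The three mechanisms the thread settles on (LOGIN, PLAIN, CRAM-MD5) are small enough to implement without the Java 1.5 SASL API, and the exchange below shows the client side of each, plus the one policy decision Dain's "with TLS sometimes" hides: PLAIN and LOGIN put the password on the wire base64-encoded, not encrypted, so a client should only offer them once STARTTLS has been negotiated, while CRAM-MD5 sends an HMAC-MD5 of the server's challenge instead of the password (at the cost of the server having to keep the password in a recoverable form). This is an added example written for this archive page, not Geronimo's or Rick's code; the preference order in `choose_mechanism` is an assumed policy, and the user/password/challenge values are the published test vectors from RFC 2195 and RFC 4616.

```python
import base64
import hashlib
import hmac

# Constructed inputs for the worked exchange: the "tim"/"tanstaaftanstaaf"
# pair and the challenge are the published examples from RFC 2195/RFC 4616,
# reused here as known-answer test vectors.
USER = "tim"
PASSWORD = "tanstaaftanstaaf"
CHALLENGE_B64 = "PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"


def plain_initial_response(user: str, password: str, authzid: str = "") -> str:
    """AUTH PLAIN (RFC 4616): base64 of authzid NUL authcid NUL password.
    The password itself is in the payload, so this belongs only under STARTTLS."""
    message = f"{authzid}\0{user}\0{password}".encode("utf-8")
    return base64.b64encode(message).decode("ascii")


def login_responses(user: str, password: str) -> tuple:
    """AUTH LOGIN: two separate base64 replies to the server's
    'Username:' and 'Password:' prompts. Same cleartext caveat as PLAIN."""
    return (base64.b64encode(user.encode("utf-8")).decode("ascii"),
            base64.b64encode(password.encode("utf-8")).decode("ascii"))


def cram_md5_response(challenge_b64: str, user: str, password: str) -> str:
    """AUTH CRAM-MD5 (RFC 2195): the client never sends the password; it
    replies with 'user ' + lowercase hex HMAC-MD5(key=password, msg=challenge)."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode("utf-8"), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode("utf-8")).decode("ascii")


def choose_mechanism(advertised, tls_active: bool):
    """Pick a mechanism from the server's EHLO 'AUTH' list. The order is an
    assumed client policy: challenge/response first, then the cleartext
    mechanisms, and those only once STARTTLS is active on the connection."""
    advertised = {m.upper() for m in advertised}
    if "CRAM-MD5" in advertised:
        return "CRAM-MD5"
    if tls_active:
        for m in ("PLAIN", "LOGIN"):
            if m in advertised:
                return m
    return None


def run_exchange(advertised, tls_active, challenge_b64=CHALLENGE_B64,
                 user=USER, password=PASSWORD):
    """Return the base64 line(s) the client would send for the chosen
    mechanism, or None when policy forbids authenticating on this connection."""
    mech = choose_mechanism(advertised, tls_active)
    if mech == "CRAM-MD5":
        return [cram_md5_response(challenge_b64, user, password)]
    if mech == "PLAIN":
        return [plain_initial_response(user, password)]
    if mech == "LOGIN":
        return list(login_responses(user, password))
    return None


if __name__ == "__main__":
    print("PLAIN    :", plain_initial_response(USER, PASSWORD))
    print("LOGIN    :", login_responses(USER, PASSWORD))
    print("CRAM-MD5 :", cram_md5_response(CHALLENGE_B64, USER, PASSWORD))
    print("no TLS, only PLAIN/LOGIN offered ->",
          run_exchange(["PLAIN", "LOGIN"], tls_active=False))
```

The same three encoders apply unchanged to POP3 and IMAP, which is the point Rick raises at the end: the SASL exchange is identical, only the line framing around it differs per protocol.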
