Subject: Re: sasl2 + postfix2 problems and questions
To: None <>
From: Martin Husemann <>
List: netbsd-users
Date: 06/30/2004 11:38:02
On Wed, Jun 30, 2004 at 04:02:40PM +0700, Amadeus wrote:
> I want to use the shadow mechanism for simplicity, but don't want send 
> passwords sent in the clear susceptable to sniffing, so if I understand 
> correctly, not use PLAIN or LOGIN but cram-md5 or digest-md5, althought to 
> be honest I'm a little confused and don't know if this is a possible 
> combination: shadow + DIGEST-md5 - or PLAIN LOGIN under TLS (too 
> complicated!).

IIUC it is not possible to do anything that does not transmit the password
as clear text with shadow passwords. Your sasl needs the unencrypted password
to generate or check the proper digest, and you can't get that from a
passwd file.

It would be cool to have a "simple" SMTP AUTH version in tree, btw.