Hello, on 08.02.2005 08:39, Boris Tyshkiewitch at CGatePro@mx.ru wrote:
> Technical Support wrote:
>
>
>
>> * Security: the Impersonate Login feature has been implemented (for PLAIN >> and GSSAPI login methods). >> >>
RFC2595: 6. PLAIN SASL mechanism
Clear-text passwords are simple, interoperate with almost all existing operating system authentication databases, and are useful for a smooth transition to a more secure password-based authentication mechanism. The drawback is that they are unacceptable for use over an unencrypted network connection.
This defines the "PLAIN" SASL mechanism for use with ACAP and other protocols with no clear-text login command. The PLAIN SASL mechanism MUST NOT be advertised or used unless a strong encryption layer (such as the provided by TLS) is active or backwards compatibility dictates otherwise.
The mechanism consists of a single message from the client to the server. The client sends the authorization identity (identity to login as), followed by a US-ASCII NUL character, followed by the authentication identity (identity whose password will be used), followed by a US-ASCII NUL character, followed by the clear-text password. The client may leave the authorization identity empty to indicate that it is the same as the authentication identity. []
-- Best regards, Dmitry Akindinov -- Stalker LabsПолучено Tue Feb 08 11:41:13 2005
Этот архив был сгенерирован hypermail 2.1.8 : Tue 21 Feb 2006 - 03:15:45 MSK