5 Jan
2003
5 Jan
'03
10:33 p.m.
On Sun, 2003-01-05 at 21:36, Paul C. Bryan wrote:
Maybe I should consider anyway using Cyrus SASL library, at least optionally.
Please do! It works, it's flexible, it's secure, and allows central administration of authentication.
Well, current CVS has some code for it, but it's still missing some configuration. Actually I'm not really sure how I should do that, I found one way but Postfix doesn't seem to doing that..
And secure? I doubt it, I did a quick audit to it a month ago and found 3 buffer overflows. I checked mostly just PLAIN mechanism which I use with Postfix, so there may well be more left in other auth mechanisms.