[CentOS] postfix+sasl error logs

Thu Feb 2 16:01:44 UTC 2006
Alexander Dalloz <ad+lists at uni-x.org>

Am Do, den 02.02.2006 schrieb spart cus um 16:36:

> Got it working now.Thanks for all the help. Im still
> on studying sasl for postfix. Is it more secure to
> limit the mech_list to just plain and login ? Im not
> using TLS support for this. 

Do not propagate any mechanism which your server setup does not really
is able to handle. So restricting the offered mech list to plain and
login when using saslauthd is the proper thing to do.
You should protect the user's authentication data transmitted in
cleartext (just base64 encoded) over the wire by enforcing TLS.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
Serendipity 16:59:22 up 59 days, 21:36, load average: 0.57, 0.59, 0.62 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://lists.centos.org/pipermail/centos/attachments/20060202/e9fb81de/attachment-0005.sig>