Added support for the client to authenticate using CRAM-MD5 #20

Merged
merged 2 commits into from Sep 22, 2012

2 participants

@jdbevan

Depends on the crypto module.

Added two functions, one which performs the hashing and sends a response to the server's challenge string, and one function that checks the server's reply to determine whether we logged in successfully.

Altered the _actionEHLO function to check for CRAM-MD5 as a supported auth type.

@andris9 andris9 merged commit 1948361 into andris9:master Sep 22, 2012
@andris9
Owner

Thanks! I had CRAM support implemented in a previous version of SMTP client library but when I rewrote the module, didn't really bother to reimplement CRAM support. It is not a good authentication method mainly because servers need to store plaintext passwords in order to support it - with LOGIN or PLAIN they can store hashes but with CRAM the original password is needed. In addition to that, security should be provided by using encrypted transport.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment