[issue21935] Implement AUTH command in smtpd.

Milan Oberkirch report at bugs.python.org
Thu Jul 17 12:31:03 CEST 2014


Milan Oberkirch added the comment:

My interpretation of this paragraph is the following (English is not my native language so please correct me if I'm wrong):
The requirement is to provide a configuration where plain auth is disabled if password snooping would be possible otherwise not to forbid such configurations generally. An admin SHOULD provide security measures to prevent password snooping. 

Setting enable_AUTH=False is a configuration where plain authentication is not permitted. The admin should provide a STARTTLS (or any other encrypted) tunnel if enabling AUTH (stunnel would be a common solution on Linux).

Maybe we should explicitly mention that in the docs?

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue21935>
_______________________________________


More information about the Python-bugs-list mailing list