-
rswindell authoredone of the configured linked-nodes matching the remote address(es) is set for CRAM-MD5 passwords only and a plain-text password was provided by the remote. Previously, the function would log a warning: "CRAM-MD5 required (and not provided) by <addr>" but succeeed (the actual password value was not check) and it woudl flag the session as "non-secure" (sending M_OK non-secure), looking like this on the remote side: Authentication successful: non-secure and any received files would go into the configured non-secure inbound. This may explain why some sysops sometimes get unexplained files in their non-secure inbound (looking for "non-secure" in the logs should confirm). Now, you should still see (on the answering side) the log message: "CRAM-MD5 required (and not provided) ...", but it'll also send a M_ERR Passowrd mismatch error to the remote, thus ending the session.
rswindell authoredone of the configured linked-nodes matching the remote address(es) is set for CRAM-MD5 passwords only and a plain-text password was provided by the remote. Previously, the function would log a warning: "CRAM-MD5 required (and not provided) by <addr>" but succeeed (the actual password value was not check) and it woudl flag the session as "non-secure" (sending M_OK non-secure), looking like this on the remote side: Authentication successful: non-secure and any received files would go into the configured non-secure inbound. This may explain why some sysops sometimes get unexplained files in their non-secure inbound (looking for "non-secure" in the logs should confirm). Now, you should still see (on the answering side) the log message: "CRAM-MD5 required (and not provided) ...", but it'll also send a M_ERR Passowrd mismatch error to the remote, thus ending the session.
Loading