pasword in 110 and 143 is in clear text
Carl P. Corliss
rabbitt at xaraya.com
Sun Oct 24 00:48:54 EDT 2004
sam wun wrote:
> Hi,
>
> I just used network sniffer to check the security of login password, I
> found that password from 110 and 143 is in clear text.
> How can I reconfigure cyrus so that it dos not use clear text
> authentication?
> I m using cyrus-imap(2.2) with SASL2
You need to either use LOGIN/PLAIN over a TLS/SSL encrypted line (probably easier to implement if
you have been using plain/login for some time) or switch to using CRAM-MD5/DIGEST-MD5. If you 'man
imapd.conf', look for the the tls_* options. At it's most simplistic, you will use something like:
tls_ca_path: /etc/ssl/certs
tls_cert_file: /etc/ssl/cyrus/mail.crt
tls_key_file: /etc/ssl/cyrus/mail.key
Note: I would suggest the use of SSL/TLS for SMTP AUTH as well.
HTH,
--
Carl P. Corliss
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list