Plaintext only for loopback?
aspineux at gmail.com
Mon Jan 14 08:33:30 EST 2008
On Jan 14, 2008 12:48 AM, Chris Pepper <pepper at reppep.com> wrote:
> Jorey Bump wrote:
> > Chris Pepper wrote, at 01/13/2008 01:59 AM:
> >> I want to allow plaintext auth only for SquirrelMail (running on
> >> the Cyrus IMAPd server), and require encrypted authentication over all
> >> physical network connections.
> > Why do you want plaintext auth only for SquirrelMail? It supports TLS,
> > alternate ports, CRAM-MD5, and DIGEST-MD5. For example, My Squirrelmail
> > is set up to use LOGIN/TLS on port 993 (settings inherited from a
> > historical setup, I can also support the other options). Are you trying
> > to avoid the overhead of TLS?
> Arrgh! SquirrelMail offers plain, cram-md5, and digest-md5, and only
> plain appears to work against /etc/shadow. I don't want the overhead of
> running TLS over loopback, so I think I will have to do without forcing
> secure auth for non-SSL IMAP/POP, and use the firewall to prevent
> Internet users from connecting over the Internet w/o SSL (so I don't
> have to worry about them unwisely using PLAIN or LOGIN over plaintext
> Pity. It would be nice to have the option of doing IMAP on the IMAP
> port without worrying about unencrypted plaintext auth.
> PS-Bron, I don't want to deal with multiple instances, and I don't need
> too, since I can firewall IMAP (non-SSL) and only let SquirrelMail
> connect to port 143. I'm not looking forward to the SpamAssassin/ClamAV
> sandwich on the SMTP side.
If you have SSL and non SSL, you already have multiple instance :-)
Maybe you mean having multiple imapd.conf then.
> Chris Pepper: <http://www.reppep.com/~pepper/>
> The Rockefeller University: <http://www.rockefeller.edu/>
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
aspineux gmail com
May the sources be with you
More information about the Info-cyrus