denying plaintext
Tarjei Huse
tarjei at nu.no
Tue Mar 16 12:08:58 EST 2004
Hi,
I'm trying to make sure my users only use secure passwords when logging
into my server. Therefore I have set:
allowplainwithouttls:no
and
sasl_minimum_layer:128
sasl_mech_list: digest-MD5 CRAM-MD5
However, when I checked my logs, I saw stuff like:
Date hostename imapd[123]: login: hostname[ip] username plaintext
From a place that clearly should not have this happening.
So I have now added:
allowplaintext: no
as well.
My question is: Is this enough? And, why isn't setting the
sasl_minimum_layer enough to make sure I get encrypted passwords?
Tarjei
--
Tarjei Huse
Adviser
Bergfald & Co AS
Telephone: 23 00 05 90
Mobile phone: 920 63 413
www.bergfald.no
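
A log audit for the kind of line quoted in the message above, added here as an example that is not part of the original post and is not Cyrus code: it counts logins recorded as plaintext without TLS, per user and client address. The sample lines are constructed, and the "+TLS" suffix used to recognise a TLS-protected plaintext login is an assumption to check against your own logs.

```python
import re
from collections import Counter

# Shape of the line quoted in the post:
#   ... imapd[pid]: login: host[ip] username mechanism
# Assumption: a plaintext login made inside TLS is logged as "plaintext+TLS".
LOGIN_RE = re.compile(
    r"imapd\[\d+\]: login: (?P<host>\S*?)\s*\[(?P<ip>[^\]]+)\]\s+"
    r"(?P<user>\S+)\s+(?P<mech>[A-Za-z0-9_-]+)(?P<tls>\+TLS)?(?:\s|$)"
)

# Constructed sample input (documentation addresses, invented users).
SAMPLE_LOG = """\
Mar 16 11:58:01 mail imapd[123]: login: client1.example.org[192.0.2.10] alice plaintext
Mar 16 11:59:12 mail imapd[124]: login: client2.example.org[192.0.2.11] bob DIGEST-MD5
Mar 16 12:01:40 mail imapd[125]: login: client3.example.org [192.0.2.12] carol plaintext+TLS
Mar 16 12:02:05 mail imapd[126]: login: client1.example.org[192.0.2.10] alice plaintext
Mar 16 12:03:00 mail master[99]: about to exec /usr/cyrus/bin/imapd
"""


def parse_logins(text):
    """Yield one record per imapd login line; other lines are skipped."""
    for line in text.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            yield {
                "ip": m.group("ip"),
                "user": m.group("user"),
                "mech": m.group("mech"),
                "tls": m.group("tls") is not None,
            }


def cleartext_logins(text):
    """Count (user, ip) pairs whose password crossed the wire unprotected."""
    hits = Counter()
    for rec in parse_logins(text):
        if rec["mech"].lower() == "plaintext" and not rec["tls"]:
            hits[(rec["user"], rec["ip"])] += 1
    return hits


if __name__ == "__main__":
    for (user, ip), count in cleartext_logins(SAMPLE_LOG).most_common():
        print(f"{count:4d}  {user}  {ip}")
```

Running this over the log before and after a configuration change shows whether any client is still sending passwords in the clear.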