how to secure authentication ?

JOYDEEP j.bakshi at unlimitedmail.org
Thu Apr 5 02:07:29 EDT 2007


Dear list ,

SSL encryption is working now :-)
the next step of security is securing the authentication. I am using
PLAIN and LOGIN. is it secure ?
How to securely authenticate ?
please enlighten me ?

here is my /etc/imapd.conf
-------------------------------------------
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
sievedir: /var/lib/sieve

admins: cyrus
allowplaintext: yes
sasl_minimum_layer: 0
sasl_mech_list: LOGIN  PLAIN

allowanonymouslogin: no
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
#auxprop saslauthd
#sasl_auxprop_plugin: sasldb2
servername: linux.kolkatainfoservices.in

lmtp_overquota_perm_failure: no
lmtp_downcase_rcpt: yes
#
# if you want TLS, you have to generate certificates and keys
#
tls_cert_file: /etc/openldap/myca/servercert.pem
tls_key_file:  /etc/openldap/myca/serverkey.pem
tls_ca_file:  /etc/openldap/myca/cacert.pem
tls_ca_path:  /etc/openldap/myca/
#tls_require_cert: no
#tlscache_db: berkeley

unixhierarchysep:  yes
virtdomains:       yes
defaultdomain: kolkatainfoservices.in
loginrealms:   kolkatainfoservices.in
hashimapspool: true
lmtpsocket:  /var/lib/imap/socket/lmtp




More information about the Info-cyrus mailing list