Plaintext only for loopback?
Chris Pepper
pepper at reppep.com
Sun Jan 13 18:48:28 EST 2008
Jorey Bump wrote:
> Chris Pepper wrote, at 01/13/2008 01:59 AM:
>
>> I want to allow plaintext auth only for SquirrelMail (running on
>> the Cyrus IMAPd server), and require encrypted authentication over all
>> physical network connections.
>
> Why do you want plaintext auth only for SquirrelMail? It supports TLS,
> alternate ports, CRAM-MD5, and DIGEST-MD5. For example, my SquirrelMail
> is set up to use LOGIN/TLS on port 993 (settings inherited from a
> historical setup, I can also support the other options). Are you trying
> to avoid the overhead of TLS?

Arrgh! SquirrelMail offers plain, cram-md5, and digest-md5, and only
plain appears to work against /etc/shadow. I don't want the overhead of
running TLS over loopback, so I think I will have to do without forcing
secure auth for non-SSL IMAP/POP, and use the firewall to prevent
Internet users from connecting over the Internet w/o SSL (so I don't
have to worry about them unwisely using PLAIN or LOGIN over a plaintext
connection).

Pity. It would be nice to have the option of doing IMAP on the IMAP
port without worrying about unencrypted plaintext auth.

Thanks,
Chris

PS-Bron, I don't want to deal with multiple instances, and I don't need
to, since I can firewall IMAP (non-SSL) and only let SquirrelMail
connect to port 143. I'm not looking forward to the SpamAssassin/ClamAV
sandwich on the SMTP side.
--
Chris Pepper: <http://www.reppep.com/~pepper/>
<http://www.extrapepperoni.com/>
The Rockefeller University: <http://www.rockefeller.edu/>
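
Added example, not part of the original post or of Cyrus/SquirrelMail: with the approach described above, the port 143 listener keeps accepting plaintext logins and the firewall is the only control, so it helps to confirm what that listener offers before TLS. The sketch below parses an IMAP greeting or CAPABILITY response and lists the ways a password could cross the connection in the clear; the function names and both sample banners are constructed for illustration.

```python
import re

# SASL mechanisms that transmit the password itself (only base64-encoded).
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed sample banners, not captured from a real server.
OPEN_BANNER = ("* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=LOGIN "
               "AUTH=CRAM-MD5] mail.example.org server ready")
LOCKED_RESPONSE = ("* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED "
                   "AUTH=CRAM-MD5 AUTH=DIGEST-MD5")


def parse_capabilities(line):
    """Extract capability atoms from an IMAP greeting or CAPABILITY response."""
    # Greeting form: * OK [CAPABILITY IMAP4rev1 ...] text
    m = re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
    if not m:
        # Untagged response form: * CAPABILITY IMAP4rev1 ...
        m = re.match(r"\*\s+CAPABILITY\s+(.*)", line.strip(), re.I)
    return {atom.upper() for atom in m.group(1).split()} if m else set()


def cleartext_password_risk(line):
    """Return the ways this pre-TLS listener accepts a password in the clear."""
    caps = parse_capabilities(line)
    if not caps:
        raise ValueError("no capability list found")
    mechs = {c[5:] for c in caps if c.startswith("AUTH=")} & PLAINTEXT_MECHS
    risky = {"AUTHENTICATE " + mech for mech in mechs}
    # RFC 3501: the LOGIN command is usable unless LOGINDISABLED is advertised.
    if "LOGINDISABLED" not in caps:
        risky.add("LOGIN command")
    return sorted(risky)


if __name__ == "__main__":
    for label, banner in (("open", OPEN_BANNER), ("locked", LOCKED_RESPONSE)):
        findings = cleartext_password_risk(banner)
        print(label, "->", findings or "no cleartext password path advertised")
```

An empty result from the external interface on port 143 means plaintext auth is refused there before STARTTLS; a non-empty result means the firewall rule is what keeps passwords off the wire.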