Plaintext only for loopback?

Alain Spineux aspineux at gmail.com
Mon Jan 14 08:33:30 EST 2008


On Jan 14, 2008 12:48 AM, Chris Pepper <pepper at reppep.com> wrote:
> Jorey Bump wrote:
> > Chris Pepper wrote, at 01/13/2008 01:59 AM:
> >
> >>     I want to allow plaintext auth only for SquirrelMail (running on
> >> the Cyrus IMAPd server), and require encrypted authentication over all
> >> physical network connections.
> >
> > Why do you want plaintext auth only for SquirrelMail? It supports TLS,
> > alternate ports, CRAM-MD5, and DIGEST-MD5. For example, My Squirrelmail
> > is set up to use LOGIN/TLS on port 993 (settings inherited from a
> > historical setup, I can also support the other options). Are you trying
> > to avoid the overhead of TLS?
>
>
>         Arrgh! SquirrelMail offers plain, cram-md5, and digest-md5, and only
> plain appears to work against /etc/shadow. I don't want the overhead of
> running TLS over loopback, so I think I will have to do without forcing
> secure auth for non-SSL IMAP/POP, and use the firewall to prevent
> Internet users from connecting over the Internet w/o SSL (so I don't
> have to worry about them unwisely using PLAIN or LOGIN over plaintext
> connection).
>
>         Pity. It would be nice to have the option of doing IMAP on the IMAP
> port without worrying about unencrypted plaintext auth.
>
>
>                                                 Thanks,
>
>
>                                                 Chris
> PS-Bron, I don't want to deal with multiple instances, and I don't need
> too, since I can firewall IMAP (non-SSL) and only let SquirrelMail
> connect to port 143. I'm not looking forward to the SpamAssassin/ClamAV
> sandwich on the SMTP side.


If you have SSL and non SSL, you already have multiple instance :-)
Maybe you mean having multiple imapd.conf then.


> --
> Chris Pepper:                <http://www.reppep.com/~pepper/>
>                               <http://www.extrapepperoni.com/>
> The Rockefeller University:  <http://www.rockefeller.edu/>
> ----
>
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>



-- 
Alain Spineux
aspineux gmail com
May the sources be with you


More information about the Info-cyrus mailing list