On 2006-11-01 at 17:37 -0500, Scott Adkins wrote: > Of course, contacting SSL ports are a bit more difficult. If you need to > probe an IMAPS or POP3S port, telnet just doesn't work. True, and there are many good examples available. Wrapping imtest will even let you check authentication inside SSL. Myself though, I'd be a little cautious about through SSL at the service immediately. When the system's starting and various daemons are doing their Thing, entropy is precious and unnecessary cryptography to be avoided as it can lead to delays elsewhere. So I personally suggest leaving the automated checks to plain TCP and seeing if the monitoring facility (sorry, I don't know SMF) can delay the SSL/TLS-based checks until five minutes after boot/service-start. Unless you have decent hardware crypto accelerators providing decent entropy, so that in practice you never need to worry about running out. :^) -- "Everything has three factors: politics, money, and the right way to do it. In that order." -- Gary Donahue ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
