Jorey Bump wrote:
> Chris Pepper wrote, at 01/13/2008 01:59 AM:
>
>> I want to allow plaintext auth only for SquirrelMail (running on
>> the Cyrus IMAPd server), and require encrypted authentication over all
>> physical network connections.
>
> Why do you want plaintext auth only for SquirrelMail? It supports TLS,
> alternate ports, CRAM-MD5, and DIGEST-MD5. For example, my SquirrelMail
> is set up to use LOGIN/TLS on port 993 (settings inherited from a
> historical setup, I can also support the other options). Are you trying
> to avoid the overhead of TLS?

Arrgh! SquirrelMail offers plain, cram-md5, and digest-md5, and only plain appears to work against /etc/shadow. I don't want the overhead of running TLS over loopback, so I think I will have to do without forcing secure auth for non-SSL IMAP/POP, and use the firewall to prevent Internet users from connecting over the Internet w/o SSL (so I don't have to worry about them unwisely using PLAIN or LOGIN over a plaintext connection).

Pity. It would be nice to have the option of doing IMAP on the IMAP port without worrying about unencrypted plaintext auth.

Thanks,

Chris

PS-Bron, I don't want to deal with multiple instances, and I don't need to, since I can firewall IMAP (non-SSL) and only let SquirrelMail connect to port 143. I'm not looking forward to the SpamAssassin/ClamAV sandwich on the SMTP side.

--
Chris Pepper: <http://www.reppep.com/~pepper/>
              <http://www.extrapepperoni.com/>
The Rockefeller University: <http://www.rockefeller.edu/>

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
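
The firewall arrangement described in the message above can be checked mechanically. The following is an added example, not part of the original post: it evaluates an `iptables-save` dump of the filter table and reports whether plaintext IMAP/POP is reachable from outside, whether loopback IMAP still works for webmail, and whether the SSL ports are open. The interface name `eth0`, the POP/SSL port numbers 110, 993 and 995, and the sample ruleset are assumptions constructed for illustration.

```python
import shlex

# Constructed sample in iptables-save format (not from the original post).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
COMMIT
"""

PLAINTEXT_PORTS = (143, 110)   # IMAP and POP3 without SSL
SSL_PORTS = (993, 995)         # IMAPS and POP3S
TERMINAL = ("ACCEPT", "DROP", "REJECT")

def verdict(rules_text, iface, dport):
    """First-match verdict of the INPUT chain for a TCP packet."""
    policy = "ACCEPT"
    for line in rules_text.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]
        if not line.startswith("-A INPUT "):
            continue
        tok = shlex.split(line)
        opt = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i][0] == "-"}
        # Refuse to guess at matches this sketch does not model (-s, --state, "!").
        if set(opt) - {"-i", "-p", "-m", "--dport", "-j"} or "!" in tok:
            raise ValueError("unsupported rule: " + line)
        if opt.get("-i", iface) != iface or opt.get("-p", "tcp") not in ("tcp", "all"):
            continue
        if int(opt.get("--dport", dport)) != dport:
            continue
        if opt.get("-j") in TERMINAL:   # LOG and user chains are not followed
            return opt["-j"]
    return policy

def audit(rules_text, external_iface="eth0"):
    """Return a list of findings; an empty list means the intended policy holds."""
    findings = []
    for port in PLAINTEXT_PORTS:
        if verdict(rules_text, external_iface, port) == "ACCEPT":
            findings.append(f"plaintext port {port} reachable on {external_iface}")
    if verdict(rules_text, "lo", 143) != "ACCEPT":
        findings.append("port 143 blocked on loopback (webmail login would fail)")
    for port in SSL_PORTS:
        if verdict(rules_text, external_iface, port) != "ACCEPT":
            findings.append(f"SSL port {port} not reachable on {external_iface}")
    return findings
```

Calling `audit()` on the output of `iptables-save -t filter` gives an empty list when only loopback can reach port 143; rules using matches the sketch does not model raise `ValueError` rather than being silently misread.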