Disallow cleartext on the wire

Hello List!

I am going mad, mad as in crazy.

CentOS 5.5

Sendmail 8.13.8/8.13.8

cyrus-imapd.x86_64        -2.3.7-7.el5_4.3
cyrus-imapd-devel.x86_64  -2.3.7-7.el5_4.3
cyrus-imapd-perl.x86_64   -2.3.7-7.el5_4.3
cyrus-imapd-utils.x86_64  -2.3.7-7.el5_4.3

cyrus-sasl.x86_64         -2.1.22-5.el5_4.3
cyrus-sasl-devel.x86_64   -2.1.22-5.el5_4.3

cyrus-sasl-gssapi.x86_64  -2.1.22-5.el5_4.3
cyrus-sasl-lib.x86_64     -2.1.22-5.el5_4.3
cyrus-sasl-md5.x86_64     -2.1.22-5.el5_4.3
cyrus-sasl-plain.x86_64   -2.1.22-5.el5_4.3


I am using Thunderbird to test with. I want to completely disallow logins
without TLS for IMAP.

This is my /etc/imapd.conf

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd auxprop


sasl_mech_list: LOGIN PLAIN
allowplainwithouttls: 0
allowanonymouslogins: 0
virtdomains: userid
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt


I think maybe I am confused here. I thought 'allowplainwithouttls: 0'
would not allow cleartext passwords but now I am thinking it means
only the PLAIN mech.

Is that correct?

If that is the case, how do I configure the server to accept
PLAIN LOGIN only if there is SSL/TLS present? Right now when I do a
packet capture on the session I can see the username and password in
cleartext inside of my capture file.

Thanks for any help,

Jon


----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
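
A client-side way to check what the server advertises before TLS is negotiated, added here as an example and not part of the original post or of Cyrus itself. It reads the pre-STARTTLS IMAP capability list (RFC 3501) and reports each path by which a password could cross the wire in cleartext; the sample capability lines are constructed and check_server() is a hypothetical helper name.

```python
import imaplib
import re

# SASL mechanisms that transmit the password itself (base64 is not encryption).
PLAINTEXT_MECHS = ("LOGIN", "PLAIN")

def parse_capabilities(line):
    """Extract capability atoms from an untagged CAPABILITY response or
    from a [CAPABILITY ...] response code in the server greeting."""
    m = re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
    if not m:
        m = re.match(r"\*\s+CAPABILITY\s+(.*)", line.strip(), re.I)
    if not m:
        raise ValueError("no CAPABILITY data in line")
    return {atom.upper() for atom in m.group(1).split()}

def cleartext_exposure(caps):
    """List the ways a client could send a password before TLS is up."""
    findings = []
    if "LOGINDISABLED" not in caps:
        # RFC 3501: without LOGINDISABLED the plain LOGIN command is usable.
        findings.append("LOGIN command accepted (no LOGINDISABLED)")
    for mech in PLAINTEXT_MECHS:
        if "AUTH=" + mech in caps:
            findings.append("AUTHENTICATE " + mech + " offered")
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    return findings

def check_server(host, port=143):
    """Connect without TLS and evaluate the capabilities seen on the wire."""
    conn = imaplib.IMAP4(host, port)
    try:
        return cleartext_exposure({c.upper() for c in conn.capabilities})
    finally:
        conn.logout()

# Constructed samples: a permissive greeting and a locked-down response.
PERMISSIVE = "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=LOGIN] ready"
STRICT = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED"

if __name__ == "__main__":
    for sample in (PERMISSIVE, STRICT):
        print(cleartext_exposure(parse_capabilities(sample)) or "no cleartext path")
```

An empty result on port 143 means neither the LOGIN command nor a plaintext SASL mechanism is available until the client has issued STARTTLS.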

