From: Ken Murchison (no email)
Date: Tue Nov 08 2005 - 09:03:51 EST
Kevin wrote:
> Hi Folks-
>
> I'm using Cyrus IMAPd v2.2.12.
>
> I'd like to allow clients to authenticate using the plaintext mechanism,
> but only if those connections are secured with TLS. Is there a way to
> do so?
>
> I have the following settings in imapd.conf:
>
> sasl_minimum_layer: 56
> allowplaintext: yes
>
> But I can still connect to the server with unencrypted connections and
> do plaintext authentication.
>
> According to man imapd.conf:
>
> sasl_minimum_layer: 0
> The minimum SSF that the server will allow a client to negotiate. A
> value of 1 requires integrity protection; any higher value requires
> some amount of encryption.
>
> Before using the sasl_minimum_layer parameter at all, the server was
> allowing plaintext logins that were encrypted with TLS and those that
> were not. I figured that by setting this parameter to 2, I would
> accomplish my goal of allowing plaintext logins but only if encrypted
> with TLS and denying unencrypted plaintext logins. When the setting of
> 2 failed, I tried 56, but it too allows unencrypted plaintext
> authentication.
>
> Is this a bug or am I missing something?

What you want is:

allowplaintext: no

-- 
Kenneth Murchison
Systems Programmer
Carnegie Mellon University
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
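
One way to confirm the setting took effect is to compare the CAPABILITY response before and after STARTTLS. The following is an added example, not part of the original thread or of Cyrus itself; the function names are hypothetical, the capability lines are constructed samples, and it assumes the server signals disabled cleartext logins with the LOGINDISABLED capability (RFC 3501) and lists SASL mechanisms as AUTH= atoms.

```python
import re

# SASL mechanisms that send the password itself over the wire.
PLAINTEXT_MECHS = {"AUTH=PLAIN", "AUTH=LOGIN"}

def parse_capabilities(response: str) -> set:
    """Return upper-cased capability atoms from an untagged CAPABILITY line
    or from a "[CAPABILITY ...]" response code in a greeting."""
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", response, re.I)
         or re.search(r"^\* CAPABILITY (.*)$", response, re.I | re.M))
    return set(m.group(1).upper().split()) if m else set()

def audit(pre_tls: str, post_tls: str) -> list:
    """Compare capabilities seen before and after STARTTLS and list problems."""
    pre, post = parse_capabilities(pre_tls), parse_capabilities(post_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered on the cleartext port")
    if "LOGINDISABLED" not in pre:
        findings.append("LOGIN command is allowed before TLS")
    for mech in sorted(PLAINTEXT_MECHS & pre):
        findings.append(f"{mech} advertised before TLS")
    # The goal in the thread is plaintext *only under TLS*, so it must
    # still be usable once the connection is encrypted.
    if "LOGINDISABLED" in post and not (PLAINTEXT_MECHS & post):
        findings.append("no plaintext login available even after TLS")
    return findings

# Constructed sample responses (not captured from a real server).
WEAK_PRE = "* CAPABILITY IMAP4 IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=CRAM-MD5\r\n"
HARDENED_PRE = "* CAPABILITY IMAP4 IMAP4rev1 STARTTLS LOGINDISABLED AUTH=CRAM-MD5\r\n"
POST_TLS = "* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=CRAM-MD5\r\n"

if __name__ == "__main__":
    for label, pre in (("allowplaintext: yes", WEAK_PRE),
                       ("allowplaintext: no", HARDENED_PRE)):
        print(label, "->", audit(pre, POST_TLS) or "OK")
```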