j...@destar.net wrote:
> Hello List!
>
> I am going mad, mad as in crazy.
>
> CentOS 5.5
>
> Sendmail 8.13.8/8.13.8
>
> cyrus-imapd.x86_64 -2.3.7-7.el5_4.3
> cyrus-imapd-devel.x86_64 -2.3.7-7.el5_4.3
> cyrus-imapd-perl.x86_64 -2.3.7-7.el5_4.3
> cyrus-imapd-utils.x86_64 -2.3.7-7.el5_4.3
>
> cyrus-sasl.x86_64 -2.1.22-5.el5_4.3
> cyrus-sasl-devel.x86_64 -2.1.22-5.el5_4.3
>
> cyrus-sasl-gssapi.x86_64 -2.1.22-5.el5_4.3
> cyrus-sasl-lib.x86_64 -2.1.22-5.el5_4.3
> cyrus-sasl-md5.x86_64 -2.1.22-5.el5_4.3
> cyrus-sasl-plain.x86_64 -2.1.22-5.el5_4.3
>
>
> I am using Thunderbird to test with. I want to completely disallow logins
> without TLS for IMAP.
>
> This is my /etc/imapd.conf
>
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
> sasl_pwcheck_method: saslauthd auxprop
>
>
> sasl_mech_list: LOGIN PLAIN
> allowplainwithouttls: 0
> allowanonymouslogins: 0
> virtdomains: userid
> tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
>
>
> I think maybe I am confused here. I thought 'allowplainwithouttls: O'
> would not allow cleartext passwords but now I am thinking it means
> only the PLAIN mech.
>
> Is that correct?
>
> If that is the case, how do I configure the server to only accept
> PLAIN LOGIN only if there is SSL/TLS present? Right now when I do a
> packet capture on the session I can see the username and password in
> cleartext inside of my capture file.
>
> Thanks for any help,
>
> Jon
>
>
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

It's been a while since I set this up, but I found I also needed to use the following:

sasl_minimum_layer: 128

Perhaps it's unnecessary at this point...

Cheers,
Rafe
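
Added example, not part of either message above and not Cyrus project code: a way to confirm from the client side whether an IMAP server still permits cleartext passwords before STARTTLS, by inspecting the capabilities it advertises on the plain port (LOGINDISABLED and AUTH= are standard IMAP capability names; the function names and both sample lines are constructed for illustration).

```python
import imaplib

# SASL mechanisms that put the password itself on the wire.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_capabilities(line):
    """Capability atoms from '* CAPABILITY ...' or a '[CAPABILITY ...]' greeting."""
    start = line.upper().find("CAPABILITY")
    if start < 0:
        return []
    rest = line[start + len("CAPABILITY"):]
    return rest.split("]", 1)[0].split()

def audit_pre_tls(capabilities):
    """Findings for a capability list seen before STARTTLS; empty means clean."""
    caps = {c.upper() for c in capabilities}
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGINDISABLED missing: LOGIN command permitted without TLS")
    for cap in sorted(caps):
        if cap.startswith("AUTH=") and cap[5:] in CLEARTEXT_MECHS:
            findings.append(cap + " advertised without TLS")
    return findings

def audit_server(host, port=143):
    """Live check: read the capabilities a server offers on the cleartext port."""
    conn = imaplib.IMAP4(host, port)
    try:
        return audit_pre_tls(conn.capabilities)
    finally:
        conn.logout()

# Constructed sample lines, not captured from any real server.
WEAK = "* CAPABILITY IMAP4 IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=LOGIN"
HARDENED = "* OK [CAPABILITY IMAP4 IMAP4rev1 STARTTLS LOGINDISABLED] ready"

if __name__ == "__main__":
    for name, line in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_pre_tls(parse_capabilities(line)) or "ok")
```

Run audit_server() against your own server after each imapd.conf change and a restart; an empty list means no cleartext login path is advertised before TLS is negotiated.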