On 09/13/2013 07:59 AM, Johannes Weberhofer wrote:
On 13.09.2013 04:30, Quinn Comendant wrote:
On Wed, 11 Sep 2013 15:07:31 +0200, Johannes Weberhofer wrote:
this line in the spec will remove CRAM-MD5 completely:

%{__perl} -pi -e "s|\#define CRAM_MD5||g" qmail-smtpd.c

I'd like to do this as well to remove the dependence on
pw_clear_passwd. It's really this easy? And the clients that were
using CRAM MD5 before will then use the alternative available
option(s) during the smtp/submission transaction?

I look forward to seeing this as a full howto up on the wiki. ;)

Quinn

I'd recommend disabling plaintext passwords in vpopmail, too (see
configure), and disabling CRAM-MD5 as an authentication method in dovecot.

Where possible you should force using SSL or TLS connections.

Johannes


I agree.

I would try to minimize the impact on users before shutting this down on the server though. You can see in /var/log/maillog which authentication methods are being used. You can grep this to see who is using cram-md5, then notify them that this authentication method will no longer be available effective the date of your choosing. Including instructions regarding how to change their configuration would also be appropriate. I would also recommend a reminder notification shortly before the change to those who hadn't changed their client(s) yet.

Of course, you're the admin, and can handle things to your liking. :)


--
-Eric 'shubes'
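
The log check described in the reply above, as an added example that is not part of the original thread: it tallies which accounts still log in with CRAM-MD5 so they can be notified before the mechanism is switched off. It assumes Dovecot login lines (`Login: user=<...>, method=...`) in the log file; the function names and the sample lines are constructed for illustration, and SMTP AUTH lines written by qmail-smtpd are not covered.

```shell
#!/bin/sh
# Added example: list accounts that still authenticate with CRAM-MD5.
# Assumes Dovecot login lines of the form
#   "... Login: user=<addr>, method=MECH, rip=..."
# Usage: cram_md5_users /var/log/maillog

# Constructed sample log lines (not taken from a real server).
sample_log() {
    cat <<'EOF'
Sep 10 08:01:12 mail dovecot: imap-login: Login: user=<alice@example.com>, method=CRAM-MD5, rip=192.0.2.10, lip=192.0.2.1, mpid=4101
Sep 10 08:03:40 mail dovecot: pop3-login: Login: user=<bob@example.com>, method=PLAIN, rip=192.0.2.11, lip=192.0.2.1, mpid=4102, TLS
Sep 11 09:15:02 mail dovecot: imap-login: Login: user=<Alice@example.com>, method=CRAM-MD5, rip=192.0.2.10, lip=192.0.2.1, mpid=4188
Sep 12 17:44:51 mail dovecot: imap-login: Login: user=<carol@example.com>, method=CRAM-MD5, rip=198.51.100.7, lip=192.0.2.1, mpid=4290
EOF
}

# Print "count<TAB>last seen<TAB>user" for every account that used CRAM-MD5,
# most frequent first. $1: log file; defaults to /var/log/maillog.
cram_md5_users() {
    awk '
        /Login: user=</ {
            user = ""; mech = ""
            # Address between "user=<" and ">", lower-cased so that
            # Alice@ and alice@ count as one account.
            if (match($0, /user=<[^>]*>/))
                user = tolower(substr($0, RSTART + 6, RLENGTH - 7))
            # Mechanism name after "method=", up to the next comma or space.
            if (match($0, /method=[^, ]+/))
                mech = toupper(substr($0, RSTART + 7, RLENGTH - 7))
            if (mech == "CRAM-MD5" && user != "") {
                count[user]++
                last[user] = $1 " " $2 " " $3   # syslog timestamp
            }
        }
        END {
            for (u in count)
                printf "%d\t%s\t%s\n", count[u], last[u], u
        }
    ' "${1:-/var/log/maillog}" | sort -t "$(printf '\t')" -k1,1nr -k3,3
}
```

Running it over the rotated logs as well catches clients that connect only occasionally.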

