[lug] dovecot/PAM mix

D. Stimits stimits at comcast.net
Sun Dec 31 19:36:31 MST 2006


...

>
> There are two secure auth settings in Thunderbird/Mozilla.  The box 
> that says "Use Secure Authentication" is actually intended for talking 
> to MS Exchange (this is my memory from last time I had to deal with 
> this, I can't seem to find useful info about this option now).  All 
> that you need for imaps is to tell Thunderbird/Mozilla to use TLS/SSL 
> and the right port number.
>
> I'd also try using openssl's s_client to do a test connection (similar 
> to using telnet to 143 and doing an IMAP session by hand).


This did the job...at first I didn't realize that the secure auth was 
pointless when using SSL/TLS. I was worried that it was going to 
authenticate in plain text before turning it over to SSL, but I worried 
for nothing...the whole session appears to be protected. I simply set 
the Dovecot server to use only imaps, always TLS/SSL, and all is good. 
Once that's done, PAM can be used without worry of plain text showing up.

Has anyone here set up Dovecot to require that a cert signed by the 
local server is available on the client before allowing a connection? I'm 
just toying with the idea of disabling IMAP login even for clients with 
the right password if they don't have the right cert. I imagine that a 
big part of the problem would then be issuing certs to all the different 
clients, e.g., maybe Mozilla and mutt can use the same cert format, but 
others might require yet a different cert.

D. Stimits, stimits AT comcast DOT net
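
The worry discussed in this message, a password crossing the wire before TLS is in place, can be checked from the capability line an IMAP server sends (RFC 3501). The following Python is an added example, not part of the original message or thread; the function names are hypothetical and the sample server lines are constructed.

```python
import re

# SASL mechanisms that transmit the password itself; only TLS protects them.
CLEARTEXT_SASL = {"PLAIN", "LOGIN"}

def parse_capabilities(line):
    """Return the upper-cased capability atoms from an IMAP greeting
    ("* OK [CAPABILITY ...]") or an untagged "* CAPABILITY ..." response."""
    m = re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
    if not m:
        m = re.match(r"\*\s+CAPABILITY\s+(.*)", line.strip(), re.I)
    return {atom.upper() for atom in m.group(1).split()} if m else set()

def password_exposure(line, tls_active):
    """Classify whether a password login at this point in the session
    could cross the network unencrypted."""
    caps = parse_capabilities(line)
    if not caps:
        return "unknown"              # line carried no capability list
    if tls_active:
        return "protected"            # imaps (993) or after STARTTLS completed
    # The LOGIN command is available unless the server advertises LOGINDISABLED.
    login_ok = "LOGINDISABLED" not in caps
    sasl_clear = {c[5:] for c in caps if c.startswith("AUTH=")} & CLEARTEXT_SASL
    if login_ok or sasl_clear:
        return "cleartext-possible"   # server would accept a password in the clear
    if "STARTTLS" in caps:
        return "starttls-required"    # password login only after upgrading to TLS
    return "no-cleartext-login"

# Constructed sample lines: (server line, is TLS already active?)
SAMPLES = [
    ("* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] Dovecot ready.", False),
    ("* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN", False),
    ("* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] Dovecot ready.", True),
    ("* CAPABILITY IMAP4rev1 LOGINDISABLED AUTH=CRAM-MD5", False),
]

def audit(samples=SAMPLES):
    """Return the exposure verdict for each (line, tls_active) pair."""
    return [password_exposure(line, tls) for line, tls in samples]

if __name__ == "__main__":
    for (line, tls), verdict in zip(SAMPLES, audit()):
        print(f"tls={tls!s:5} {verdict:20} {line}")
```

The capability line can be captured from an `openssl s_client` test connection, as suggested in the quoted reply, and passed to `password_exposure` with `tls_active=True`.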


