Re: [suse-security] Plaintext passwords IMAP please!
On Wednesday 14 January 2004 16:15, Carl Peto wrote:
> I've been struggling with this for hours on end!
> All I want to do is run an IMAP server to allow my Windows clients to
> access their unix email with Outlook Express. I tried the imap package but
> that has been modified now so that no POP3 or IMAP login is allowed with a
> plaintext password unless using SSL encrypted sessions.
I have had the exact same problem. I DO use SSL, but the change in the imap
server package breaks squirrelmail. I also am not amused by SuSE's decision
to change the behaviour and by not having a way to turn this off again.
However, I made a workaround by force-installing the imap version of SuSE 8.1
over the changed one which is running on SuSE 8.2. So now every time I forget
to UNselect imapd in online update my system breaks again. Very nice.
I too would want a better solution. And I fully concur with you on the subject
of Cyrus-imapd. Cyrus seemingly serves one single purpose, to drive sysadmins
utterly crazy. ;-| I gave up early when I saw the list of prerequisites...
> I do not want to get into the complexity of installing SSL, all boxes are
> behind a completely secure firewall and use CVS pserver, etc. anyway so the
> "security" gained by encrypting either session or passwords is completely
> The imapd daemon wouldn't accept encrypted passwords even when I switched
> the option on in my test Outlook Express mail client so I can't win either
Installing an SSL certificate so that imapd speaks SSL too is quite simple, if
you need help I can look it up for you... it is not more than 5 minutes work,
however teaching all the clients that they should trust a self-signed cert
sure isn't, so this may not be a viable option for you anyway.
> I tried to recompile imapd from source since the change to not allow
> plaintext passwords except in a TLS session is actually compiled into the
> server (very bad form, should be a config file option, probably with this
> setting as default). The source package is broken and won't compile.
> I tried installing the fiendishly complex cyrus-imapd but that doesn't work
> either, complaining about a "cannot connect to saslauthd server". Tried
> changing the sasl_pwcheck_method to "pwcheck" to see if that helped.
> Daemon won't start now complaining of db errors.
> I've set up qpopper to act as a pop3 client so I can now at least pick up
> my mail inbox from /var/spool/mail/<username> but that means I can't access
> other folders so (i) if users read mail on UNIX clients the mail goes into
> mbox and is inaccessible from Windows henceforth and more importantly (ii)
> users cannot use .procmailrc to sort mail into files like "spam",
> "suse-security-mailing-list", "cvs-logs" as these are now only accessible
> via unix and not Windows where people do most of their daily work.
> Really it's such a simple thing I want to do!
> Can anyone help?
I am certainly willing to contribute but for now I'm stuck with the same
problem as you are...
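
Added example, not part of the original message and not code from SuSE or the imap package: RFC 3501 lets an IMAP server advertise `LOGINDISABLED` to tell clients that plaintext `LOGIN` is refused, usually until `STARTTLS` completes, which is the kind of behaviour discussed in this thread. The sketch below classifies a server from its greeting or `CAPABILITY` reply; the sample lines and the host name are constructed, and whether the SuSE build advertises exactly these capabilities is an assumption.

```python
import re

# Constructed sample responses (not captured from the server in this thread).
# Greeting from a server that refuses plaintext LOGIN until TLS is negotiated:
STRICT_GREETING = "* OK [CAPABILITY IMAP4REV1 STARTTLS LOGINDISABLED] mail.example.invalid ready"
# The same server's CAPABILITY reply after STARTTLS has completed:
STRICT_AFTER_TLS = "* CAPABILITY IMAP4REV1 AUTH=PLAIN AUTH=LOGIN"
# Greeting from a server that still accepts LOGIN on the unencrypted port:
LEGACY_GREETING = "* OK [CAPABILITY IMAP4REV1 STARTTLS AUTH=LOGIN] mail.example.invalid ready"

_CAP_RE = re.compile(r"CAPABILITY\s+([^\]\r\n]+)", re.IGNORECASE)


def parse_capabilities(line):
    """Return upper-cased capability atoms from a greeting or CAPABILITY reply."""
    match = _CAP_RE.search(line)
    return {atom.upper() for atom in match.group(1).split()} if match else set()


def cleartext_login_policy(caps):
    """Classify what the server allows on the unencrypted connection."""
    if not caps:
        return "unknown"  # nothing advertised; the client must send CAPABILITY
    if "LOGINDISABLED" in caps:
        # LOGIN is refused; STARTTLS is the only way to lift the restriction.
        return "tls-required" if "STARTTLS" in caps else "login-refused-no-starttls"
    return "cleartext-login-accepted"


def sasl_mechanisms(caps):
    """List advertised SASL mechanisms (AUTH=...) in sorted order."""
    return sorted(c[5:] for c in caps if c.startswith("AUTH="))


if __name__ == "__main__":
    for name, line in [("strict", STRICT_GREETING), ("legacy", LEGACY_GREETING)]:
        caps = parse_capabilities(line)
        print(name, cleartext_login_policy(caps), sasl_mechanisms(caps))
    print("after TLS", sasl_mechanisms(parse_capabilities(STRICT_AFTER_TLS)))
```

Comparing the capability list before and after `STARTTLS` shows whether a failing client is being turned away by the server's policy or by a mechanism mismatch.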