[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Plaintext passwords IMAP please!



On Wednesday 14 January 2004 17:13, Carl Peto wrote:
> Thanks Maarten,
>
> I thought I was going mad!
>
> I agree that a core function like this shouldn't be changed in such an
> unhelpful way.
>
> IMHO this is supposed to be why we use SuSE rather than suffering the
> random decisions of package maintainers and even of IETF bodies?
>
> I am totally unfamiliar with SSL, I've resisted it just out of laziness - I
> have enough to do with being a Windows dev. and part-time linux sysadmin
> anyway!
>
> All clients will be Outlook Express but I'm guessing that SSL is more of a
> shared library thing on Windows, i.e. registry settings, etc. to allow
> clients to access a server with SSL where certificate is self-certified.
>
> So anyway it's worth a go; can you give me a quick idea of how I set up SSL
> on my linux box, create a certificate and then get imapd to use it?

See http://portal.suse.com/sdb/en/2003/05/imap_ssl.html 
( credit where credit is due:  Thanks SuSE ! )  ;-)

They talk about suse 8.2 but I verified it to work on 8.1 at least.  Only, the 
path to the SSL dir may be different depending on your suse version. For my 
8.2 box with an imap from 8.1, I had to tweak and/or move around something.
I'm not sure what I had to do but you should verify that the path imapd looks 
for is the same one your ssl stuff is in:
'strings /usr/sbin/imapd | grep -i ssl'  should tell you where imap looks. 
Depending on the suse version you have, your SSL dir may be /etc/ssl, 
/usr/ssl or /usr/share/ssl.  So, make symlinks if needed... 
Otherwise, it was real easy (although I opted for something else than a 
selfsigned key, the self-signing does work fine, I used that as a test).

If you don't succeed however, send me a note.

Maarten


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here