Hi,
I'm setting up a new IMAPS server using Dovecot 2.4 at the moment.
I'd like my network internal users to authenticate using GSSAPI.
The server is also exposed to the Internet for smart phone email access. I want
to offer PLAIN login only for external users as they can't be legitimate
internal Kerberos users. (Just as an additional layer of security.)
Would this approach work?
service imap-login {
inet_listener imaps_external {
port = 1993
ssl = yes
auth_mechanisms = plain login
}
inet_listener imaps_internal {
port = 7993
ssl = yes
auth_mechanisms = plain login gssapi
}
}
Then I'd allow only port 1993 externally and keep port 7993 for the LAN.
Thank you for your advice!
Reg
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
