Re: How to tell imapd and imspd to advertize LOGIN?

2000-12-11 Thread Ken Murchison



[EMAIL PROTECTED] wrote:
 
 I'm using cyrus-imapd-2.0.7, cyrus-imspd-v1.6a2, and sendmail-8.11.1
 with cyrus-sasl-1.5.24.  I've built SASL with LOGIN authentication.
 How do I tell imapd and imspd to advertize this method?  They only
 advertize DIGEST-MD5 and CRAM-MD5 now.  For sendmail, I had to add
 LOGIN to the AuthMechanisms list in sendmail.cf to make it announce
 
 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN
 
 What do I do with imapd and imspd?

I don't know about imspd, but for imapd run it with '-p 2' (or higher). 
Check imapd(8) for details.

Ken
-- 
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp



Re: How to tell imapd and imspd to advertize LOGIN?

2000-12-11 Thread mills

Kenneth Murchison writes:

I don't know about imspd, but for imapd run it with '-p 2' (or higher). 
Check imapd(8) for details.

And here I was reading the source looking for a way, and RTFM would
have done it.  However, I wouldn't have guessed that from the man page:

OPTIONS
 -p ssf
  Tell imapd that  an  external  layer  exists.   An  SSF
  (security strength factor) of 1 means an integrity pro-
  tection layer exists.  Any higher SSF implies some form
  of privacy protection.

Now, my real problem is that I'm using a php-based web client that
uses imap-2000a c-client to connect to the Cyrus IMAP (and IMSP)
servers.  Both run on the same host, so network security is not an
issue.  C-client is supposed to authenticate with either CRAM-MD5
or LOGIN, but it seems only to use CRAM-MD5.  I suspect that this is
because the servers don't advertize LOGIN.  I'm using the
auto_transition feature of SASL to populate the CRAM-MD5 database
from plaintext passwords.  This means that users can login via the
php-based web client until they have done one plaintext login by
some other method.  The result is mass confusion.  I need a way out
of this mess without degrading security too much.  Any suggestions?


-- 
-Gary Mills--Unix Support--U of M Academic Computing and Networking-
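
To confirm what a server actually announces before and after changing its options, the following added example (not part of the original thread, and not code from Cyrus or sendmail) parses an IMAP CAPABILITY line and an SMTP EHLO reply, and separates the plaintext mechanisms (LOGIN, PLAIN) from the others. The `250-AUTH` line is the one quoted in the first message; the IMAP line, the other EHLO lines and all function names are constructed for illustration.

```python
import re

# Mechanisms that transmit the password itself (base64 is encoding, not protection).
PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}

# Constructed sample: an IMAP server offering only challenge-response mechanisms.
SAMPLE_IMAP = "* CAPABILITY IMAP4 IMAP4rev1 AUTH=DIGEST-MD5 AUTH=CRAM-MD5"
# EHLO reply: the AUTH line is quoted from the thread, the rest is constructed.
SAMPLE_EHLO = ["250-mail.example.org Hello",
               "250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN",
               "250 HELP"]


def parse_imap_capability(line):
    """Return the SASL mechanisms named by AUTH= tokens in a CAPABILITY line."""
    # Handles the untagged response and the [CAPABILITY ...] greeting code.
    m = re.search(r"CAPABILITY\s+([^\]\r\n]*)", line, re.IGNORECASE)
    if not m:
        return []
    return [tok[5:].upper() for tok in m.group(1).split()
            if tok.upper().startswith("AUTH=")]


def parse_smtp_auth(ehlo_lines):
    """Return the SASL mechanisms from the AUTH line(s) of an EHLO reply."""
    mechs = []
    for line in ehlo_lines:
        # Accept "250-AUTH a b" and the legacy "250-AUTH=a b" form.
        m = re.match(r"250[- ]AUTH[ =](.*)", line.strip(), re.IGNORECASE)
        if m:
            mechs += [tok.upper() for tok in m.group(1).split()]
    return list(dict.fromkeys(mechs))  # de-duplicate, keep order


def classify(mechs):
    """Split mechanisms into plaintext ones and everything else."""
    return {"plaintext": [m for m in mechs if m in PLAINTEXT_MECHS],
            "other": [m for m in mechs if m not in PLAINTEXT_MECHS]}


if __name__ == "__main__":
    for name, mechs in (("imap", parse_imap_capability(SAMPLE_IMAP)),
                        ("smtp", parse_smtp_auth(SAMPLE_EHLO))):
        print(name, classify(mechs))
```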