Hi,
I just used a network sniffer to check the security of the login password. I found that the password from 110 and 143 is in clear text.
How can I reconfigure cyrus so that it does not use clear text authentication?
I'm using cyrus-imap (2.2) with SASL2.

You need to either use LOGIN/PLAIN over a TLS/SSL encrypted line (probably easier to implement if you have been using plain/login for some time) or switch to using CRAM-MD5/DIGEST-MD5. If you 'man imapd.conf', look for the tls_* options. At its most simplistic, you will use something like:

tls_ca_path: /etc/ssl/certs
tls_cert_file: /etc/ssl/cyrus/mail.crt
tls_key_file: /etc/ssl/cyrus/mail.key

Note: I would suggest the use of SSL/TLS for SMTP AUTH as well.
HTH,
-- Carl P. Corliss
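
Added example, not part of the original thread or of Cyrus: a Python check that reads what a server advertises on the unencrypted ports 143 (IMAP CAPABILITY) and 110 (POP3 CAPA) and lists every path that would still carry the password in clear text. The capability strings are constructed samples, and the function names are hypothetical.

```python
CLEARTEXT_SASL = {"PLAIN", "LOGIN"}  # password is only base64-encoded on the wire

def parse_imap(capability_line):
    """Parse an IMAP '* CAPABILITY ...' response (RFC 3501)."""
    words = capability_line.upper().split()
    if words[:2] == ["*", "CAPABILITY"]:
        words = words[2:]
    return {
        "starttls": "STARTTLS" in words,
        # The IMAP LOGIN command is usable unless LOGINDISABLED is advertised.
        "cleartext_cmd": "LOGINDISABLED" not in words,
        "mechs": {w[5:] for w in words if w.startswith("AUTH=")},
    }

def parse_pop3(capa_lines):
    """Parse the lines of a POP3 CAPA response (RFC 2449)."""
    found = {"starttls": False, "cleartext_cmd": False, "mechs": set()}
    for line in capa_lines:
        words = line.upper().split()
        if not words or words[0] in ("+OK", "."):
            continue
        if words[0] == "SASL":
            found["mechs"].update(words[1:])
        elif words[0] == "STLS":
            found["starttls"] = True
        elif words[0] == "USER":  # USER/PASS sends the password as-is
            found["cleartext_cmd"] = True
    return found

def assess(found):
    """Return cleartext password paths offered before TLS (empty list = none)."""
    problems = []
    if found["cleartext_cmd"]:
        problems.append("cleartext login command accepted before TLS")
    weak = sorted(found["mechs"] & CLEARTEXT_SASL)
    if weak:
        problems.append("cleartext SASL offered before TLS: " + ", ".join(weak))
    if problems and not found["starttls"]:
        problems.append("no STARTTLS/STLS available to protect them")
    return problems

# Constructed samples: a server offering cleartext logins and a hardened one.
IMAP_WEAK = "* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5"
IMAP_HARD = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=CRAM-MD5 AUTH=DIGEST-MD5"
POP3_WEAK = ["+OK", "USER", "SASL PLAIN CRAM-MD5", "."]

if __name__ == "__main__":
    for name, found in (("imap weak", parse_imap(IMAP_WEAK)),
                        ("imap hardened", parse_imap(IMAP_HARD)),
                        ("pop3 weak", parse_pop3(POP3_WEAK))):
        print(name, assess(found) or "ok")
```

An empty result for the pre-TLS capability list means clients can only authenticate with CRAM-MD5/DIGEST-MD5 or after upgrading the connection, which are the two options described in the reply.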