[horde] Authentication issues

Steven Swarts steven at swartsit.com
Tue Jul 23 11:13:36 UTC 2013 

On 23/07/2013 7:07 PM, Steven Swarts wrote:
>
> On 23/07/2013 5:11 PM, Ralf Lang wrote:
>>>> You almost certainly don't want TLS on port 993. TLS is normally on
>>>> port 143 (the standard IMAP port).
>>>>
>>> Forgive my ignorance but why is that?
>> Because there is a difference between imap/starttls and imaps.
>> imap/starttls should run on standard imap port while 993 is usually
>> associated with imaps.
>>
>>
>>
>>
> Ok that makes sense.
>
> So would this be better?
>
> // IMAP server
> $servers['imap'] = array(
>     // ENABLED by default; will connect to IMAP port on local server
>     'disabled' => false,
>     'name' => 'Server',
>     'hostspec' => 'localhost',
>     'hordeauth' => full,
>     'protocol' => 'imap',
>     'port' => 993,
>     // Plaintext logins are disabled by default on IMAP servers (see 
> RFC 3501
>     // [6.2.3]), so TLS is the only guaranteed authentication 
> available by
>     // default.
>     'secure' => 'ssl',
> );
>
> The only reason I am harping on about port 993 is that is all that 
> works. I've tried connecting via 143 TLS and it doesn't work - 
> Something obviously wrong with Postfix/Dovecot I believe or again more 
> likely my lack of knowledge.
>
> I did read above that it was deprecated in favor of TLS on 143, but 
> without knowing how to set that up, i'm a little stuck.
>
> Regards,
> Steve
Just another thing I just tried the following:

openssl s_client -connect mail.example.com:143 -starttls imap

Is that a sufficient test for TLS over 143? If so it works logging in 
with all different users. So could I have this as my 
/imp/config/backends.local.php

// IMAP server
$servers['imap'] = array(
     // ENABLED by default; will connect to IMAP port on local server
     'disabled' => false,
     'name' => 'Server',
     'hostspec' => 'localhost',
     'hordeauth' => full,
     'protocol' => 'imap',
     'port' => 143,
     // Plaintext logins are disabled by default on IMAP servers (see 
RFC 3501
     // [6.2.3]), so TLS is the only guaranteed authentication available by
     // default.
     'secure' => 'tls',
);

I seem to read between the lines that its the most approved method? Is 
that right?

Sorry to ask so many questions but you guys are really helping me out.

Cheers,
Steve

More information about the horde mailing list