[horde] Authentication issues
Michael M Slusarz
slusarz at horde.org
Tue Jul 23 16:49:44 UTC 2013
> Is that a sufficient test for TLS over 143? If so it works logging
> in with all different users. So could I have this as my
> /imp/config/backends.local.php
>
> // IMAP server
> $servers['imap'] = array(
> // ENABLED by default; will connect to IMAP port on local server
> 'disabled' => false,
> 'name' => 'Server',
> 'hostspec' => 'localhost',
> 'hordeauth' => full,
> 'protocol' => 'imap',
> 'port' => 143,
> // Plaintext logins are disabled by default on IMAP servers (see RFC 3501
> // [6.2.3]), so TLS is the only guaranteed authentication available by
> // default.
> 'secure' => 'tls',
> );
>
> I seem to read between the lines that its the most approved method?
> Is that right?
TLS is the only official method.There is no such thing as SSL over
port 993 in a RFC.
That being said... Due to some poorly written clients (and some lazy
network admins), some sites actually entirely disable port 143 and
force connection to 993 via SSL. So its a muddled situation.
TLS is preferred because you will only ever have 1 port open for IMAP.
Each additional port you open is just another entrance point for a
security related attack.
michael
___________________________________
Michael Slusarz [slusarz at horde.org]
More information about the horde
mailing list