X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=doc%2Fauthentication.txt;h=98e61105635d4f3d703a421ae07db457ce647dd6;hb=887f7f28f8e85139eae7031a63d8c88c4832dfca;hp=deff3059256f5b3afde777ccc562521042672b4c;hpb=1c6d997a14fd0034cfb1160bbebe5b86ae534132;p=squirrelmail.git diff --git a/doc/authentication.txt b/doc/authentication.txt index deff3059..98e61105 100644 --- a/doc/authentication.txt +++ b/doc/authentication.txt @@ -1,7 +1,7 @@ ********************************************** IMAP AND SMTP AUTHENTICATION WITH SQUIRRELMAIL -Preliminary documentation - 6 Dec 2002 -Chris Hilts chilts@birdbrained.org +$Id$ +Chris Hilts tassium@squirrelmail.org ********************************************** Prior to SquirrelMail 1.3.3, only plaintext logins for IMAP and SMTP were @@ -12,6 +12,11 @@ SMTP. TLS is able to be enabled on a per-service basis as well. Unless the administrator changes the authentication methods, SquirrelMail will default to the "classic" plaintext methods, without TLS. +Note: There is no point in using TLS if your IMAP server is localhost. You need +root to sniff the loopback interface, and if you don't trust root, or an attacker +already has root, the game is over. You've got a lot more to worry about beyond +having the loopback interface sniffed. + REQUIREMENTS ------------ @@ -23,10 +28,12 @@ CRAM/DIGEST-MD5 TLS * SquirrelMail 1.3.3 or higher -* PHP 4.3.0 or higher +* PHP 4.3.0 or higher (Check Release Notes for PHP 4.3.x information) * The "STARTTLS" command is NOT supported. The server you wish to use TLS on must have a dedicated port listening for TLS connections. (ie. port - 993 for IMAP, 465 for SMTP) + 993 for IMAP, 465 for SMTP) +* If you use PHP 4.3.x, OpenSSL support must be compiled staticly. See + PHP bug #29934 (http://bugs.php.net/bug.php?id=29934) CONFIGURATION ------------- 
@@ -55,25 +62,47 @@ server, start a DIGEST-MD5 auth session, and include the challenge from the server in your bug report.) To get the challenge with IMAP: - telnet imap - [server says hello] - A01 AUTHENTICATE DIGEST-MD5 - - * - [server says auth aborted] - A02 LOGOUT - [server says goodbye, closes connection] + telnet imap + [server says hello] + A01 AUTHENTICATE DIGEST-MD5 + + * + [server says auth aborted] + A02 LOGOUT + [server says goodbye, closes connection] To get the challenge with SMTP: - telnet smtp - [server sends some sort of "hello" banner] - EHLO myhostname - [server will probably list a bunch of capabilities] - AUTH DIGEST-MD5 - - * - [server says auth aborted] - QUIT - [server says bye, closes connection] + telnet smtp + [server sends some sort of "hello" banner] + EHLO myhostname + [server will probably list a bunch of capabilities] + AUTH DIGEST-MD5 + + * + [server says auth aborted] + QUIT + [server says bye, closes connection] + + +OPTIONAL SMTP AUTH CONFIGURATION +-------------------------------- + +If you need all users to send mail via an upstream SMTP provider +(your ISP, for example), and that ISP requires authentication, +there are two variables that can be added to config_local.php +that will specify a sitewide SMTP username and password. + +Set up SMTP authentication to the remote server according to the +instructions above, then add the following to config_local.php, +replacing and with the username and password +you'd like to use for the entire site: + + $smtp_sitewide_user = ''; + $smtp_sitewide_pass = ''; + +These values will be used to connect to the SMTP server as long +as the authentication mechanism is something besides 'none', i.e. +'login','plain','cram-md5', or 'digest-md5'. + [End]
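Review bot: The header in hunk @@ -1,7 +1,7 @@ loses its only human-readable date when "Preliminary documentation - 6 Dec 2002" is replaced by "$Id$". If keyword expansion is not active for this file, readers see the literal string and cannot tell how current the document is. Consider keeping a plain date line next to the keyword.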
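Review bot: The note added in hunk @@ -12,6 +12,11 @@ names only the IMAP server, while the sentence just above it says TLS can be enabled per service for IMAP and SMTP, so it should say whether the same reasoning covers an SMTP server on localhost. It would also help to state the condition precisely: SquirrelMail and the mail server run on the same host and talk over the loopback interface. Otherwise the advice may be applied to a server that is only on the same network, where traffic does leave the machine.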
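Review bot: In hunk @@ -23,10 +28,12 @@ the added bullet misspells "staticly" (should be "statically"), and "(Check Release Notes for PHP 4.3.x information)" does not say whose release notes are meant, SquirrelMail's or PHP's. Both additions concern PHP 4.3.x, so one bullet that names the release notes and cites PHP bug #29934 would read more clearly. The "993 for IMAP, 465 for SMTP)" line appears to change only in whitespace; drop that change unless it is intended.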
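Review bot: The new OPTIONAL SMTP AUTH CONFIGURATION section in hunk @@ -55,25 +62,47 @@ tells administrators to store a sitewide password in config_local.php but gives no guidance on protecting it. The document states that the default is plaintext methods without TLS, and this section accepts 'login' and 'plain', so the shared credential can cross the network to the upstream provider in recoverable form. Add a sentence recommending TLS or 'cram-md5'/'digest-md5' for that connection, and one about keeping config_local.php readable only by the web server user. As displayed, "replacing and with the username and password" and the empty '' values carry no placeholder names, so check that the placeholders are present in the text file. The re-indentation of the two telnet examples is unrelated to the new section and would be easier to review as a separate change.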