| 03814228 |
1 | ********************************************** |
| 2 | IMAP AND SMTP AUTHENTICATION WITH SQUIRRELMAIL |
| 639c7164 |
3 | Preliminary documentation - 6 Dec 2002 |
| 03814228 |
4 | Chris Hilts chilts@birdbrained.org |
| 5 | ********************************************** |
| 6 | |
| 7 | Prior to SquirrelMail 1.3.3, only plaintext logins for IMAP and SMTP were |
| 8 | supported. With the release of SquirrelMail 1.3.3, support for the |
| 9 | CRAM-MD5 and DIGEST-MD5 auth mechanisms has been added. TLS support has |
| 10 | also been added. It is possible to use different methods for both IMAP and |
| 11 | SMTP. TLS is able to be enabled on a per-service basis as well. |
| 12 | Unless the administrator changes the authentication methods, SquirrelMail |
| 13 | will default to the "classic" plaintext methods, without TLS. |
| 14 | |
| 15 | REQUIREMENTS |
| 16 | ------------ |
| 17 | |
| 18 | CRAM/DIGEST-MD5 |
| 19 | * SquirrelMail 1.3.3 or higher |
| 639c7164 |
20 | * If you have the mhash extension to PHP, it will automatically |
| 21 | be used, which may help performance on heavily loaded servers. |
| 22 | ** NOTE: mhash is optional and no longer a requirement ** |
| 03814228 |
23 | |
| 24 | TLS |
| 25 | * SquirrelMail 1.3.3 or higher |
| 26 | * PHP 4.3.0 or higher |
| 27 | * The "STARTTLS" command is NOT supported. The server you wish to use TLS |
| 28 | on must have a dedicated port listening for TLS connections. (ie. port |
| 29 | 993 for IMAP, 465 for SMTP) |
| 30 | |
| 31 | CONFIGURATION |
| 32 | ------------- |
| 33 | |
| 34 | All configuration is done using conf.pl, under main menu option #2. |
| 35 | |
| 1c6d997a |
36 | conf.pl can now attempt to detect which mechanisms your servers support. |
| 37 | You must have set the host and port before attempting to detect, or you |
| 38 | may get inaccurate results, or a long wait while the connection times out. |
| 39 | |
| 40 | If you get results that you know are wrong when you use auto-detection, I |
| 41 | need to know about it. Please send me the results you got, the results you |
| 42 | expected, and server type, name, and version (eg. "imap, Cyrus, v2.1.9"). |
| 43 | |
| 03814228 |
44 | KNOWN ISSUES |
| 45 | ------------ |
| 46 | |
| 47 | DIGEST-MD5 has three different methods of operation. (qop options "auth", |
| 48 | "auth-int" and "auth-conf"). This implementation currently supports "auth" |
| 49 | only. Work is being done to add the other two modes. |
| 50 | |
| 51 | DIGEST-MD5 _may_ fail when authenticating with servers that supply more |
| 52 | than one "realm". I have no servers of this type to test on, so if you do |
| 53 | and it fails, let me know! (A big help would be for you to telnet to your |
| 54 | server, start a DIGEST-MD5 auth session, and include the challenge from the |
| 55 | server in your bug report.) |
| 56 | |
| 57 | To get the challenge with IMAP: |
| 58 | telnet <your server> imap |
| 59 | [server says hello] |
| 60 | A01 AUTHENTICATE DIGEST-MD5 |
| 61 | <copy the gobbledygook that the server sends - this is what I need> |
| 62 | * |
| 63 | [server says auth aborted] |
| 64 | A02 LOGOUT |
| 65 | [server says goodbye, closes connection] |
| 66 | |
| 67 | To get the challenge with SMTP: |
| 68 | telnet <your server> smtp |
| 69 | [server sends some sort of "hello" banner] |
| 70 | EHLO myhostname |
| 71 | [server will probably list a bunch of capabilities] |
| 72 | AUTH DIGEST-MD5 |
| 73 | <copy the gobbledygook that the server sends - this is what I need> |
| 74 | * |
| 75 | [server says auth aborted] |
| 76 | QUIT |
| 77 | [server says bye, closes connection] |
| 78 | |
| 79 | [End] |
projects / squirrelmail.git / blame