**********************************************
IMAP AND SMTP AUTHENTICATION WITH SQUIRRELMAIL
Preliminary documentation - 6 Dec 2002
Chris Hilts chilts@birdbrained.org
**********************************************

Prior to SquirrelMail 1.3.3, only plaintext logins for IMAP and SMTP were
supported. With the release of SquirrelMail 1.3.3, support for the
CRAM-MD5 and DIGEST-MD5 auth mechanisms has been added. TLS support has
also been added. It is possible to use different methods for IMAP and
SMTP. TLS can be enabled on a per-service basis as well.
Unless the administrator changes the authentication methods, SquirrelMail
will default to the "classic" plaintext methods, without TLS.

REQUIREMENTS
------------

CRAM/DIGEST-MD5
  * SquirrelMail 1.3.3 or higher
  * If you have the mhash extension to PHP, it will automatically
    be used, which may help performance on heavily loaded servers.
    ** NOTE: mhash is optional and no longer a requirement **

TLS
  * SquirrelMail 1.3.3 or higher
  * PHP 4.3.0 or higher
  * The "STARTTLS" command is NOT supported. The server you wish to use TLS
    on must have a dedicated port listening for TLS connections (i.e. port
    993 for IMAP, 465 for SMTP).

CONFIGURATION
-------------

All configuration is done using conf.pl, under main menu option #2.

KNOWN ISSUES
------------

DIGEST-MD5 has three different methods of operation (qop options "auth",
"auth-int" and "auth-conf"). This implementation currently supports "auth"
only. Work is being done to add the other two modes.

DIGEST-MD5 _may_ fail when authenticating with servers that supply more
than one "realm". I have no servers of this type to test on, so if you do
and it fails, let me know! (A big help would be for you to telnet to your
server, start a DIGEST-MD5 auth session, and include the challenge from the
server in your bug report.)

To get the challenge with IMAP:
  telnet <your server> imap
  [server says hello]
  A01 AUTHENTICATE DIGEST-MD5
  <copy the gobbledygook that the server sends - this is what I need>
  *
  [server says auth aborted]
  A02 LOGOUT
  [server says goodbye, closes connection]

To get the challenge with SMTP:
  telnet <your server> smtp
  [server sends some sort of "hello" banner]
  EHLO myhostname
  [server will probably list a bunch of capabilities]
  AUTH DIGEST-MD5
  <copy the gobbledygook that the server sends - this is what I need>
  *
  [server says auth aborted]
  QUIT
  [server says bye, closes connection]

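The challenge copied in the two sessions above is a base64-encoded list of
DIGEST-MD5 directives. The Python script below is an added example (not part
of SquirrelMail or of the original document) that decodes a copied challenge
line and reports whether it carries more than one realm and whether qop "auth"
is offered; the function names and the sample challenge are constructed for
illustration.

```python
import base64
import re

# One directive: key=token or key="quoted string" (RFC 2831 challenge syntax).
_DIRECTIVE = re.compile(
    r'\s*([A-Za-z-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^,"\s]+))\s*(?:,|$)')

def _sample(prefix):
    # Constructed challenge (not from a real server): two realms, two qop values.
    raw = (b'realm="mail.example.com",realm="example.org",nonce="OA6MG9tEQGm2hh",'
           b'qop="auth,auth-int",charset=utf-8,algorithm=md5-sess')
    return prefix + base64.b64encode(raw).decode("ascii")

SAMPLE_IMAP_LINE = _sample("+ ")    # as shown after A01 AUTHENTICATE DIGEST-MD5
SAMPLE_SMTP_LINE = _sample("334 ")  # as shown after AUTH DIGEST-MD5

def parse_challenge(line):
    """Decode a copied challenge line into {directive: [values, ...]}."""
    b64 = line.strip()
    for prefix in ("+ ", "334 "):
        if b64.startswith(prefix):
            b64 = b64[len(prefix):].strip()
    # latin-1 never fails to decode; directive names and qop values are ASCII.
    text = base64.b64decode(b64, validate=True).decode("latin-1")
    directives, pos = {}, 0
    while pos < len(text):
        m = _DIRECTIVE.match(text, pos)
        if not m:
            raise ValueError("malformed challenge at offset %d" % pos)
        quoted, token = m.group(2), m.group(3)
        value = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else token
        # Keep every occurrence: a server may send several realm directives.
        directives.setdefault(m.group(1).lower(), []).append(value)
        pos = m.end()
    return directives

def summarize(line):
    """Report the two things the KNOWN ISSUES section cares about."""
    d = parse_challenge(line)
    realms = d.get("realm", [])
    # qop is a comma-separated list; when absent the default is "auth".
    qops = [q.strip() for q in ",".join(d.get("qop", ["auth"])).split(",") if q.strip()]
    return {"realms": realms, "multi_realm": len(realms) > 1,
            "qop": qops, "auth_offered": "auth" in qops}

if __name__ == "__main__":
    print(summarize(SAMPLE_IMAP_LINE))
```
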
[End]