| | 1 | ********************************************** |
| | 2 | IMAP AND SMTP AUTHENTICATION WITH SQUIRRELMAIL |
| | 3 | Preliminary documentation - 20 Nov 2002 |
| | 4 | Chris Hilts chilts@birdbrained.org |
| | 5 | ********************************************** |
| | 6 | |
| | 7 | Prior to SquirrelMail 1.3.3, only plaintext logins for IMAP and SMTP were |
| | 8 | supported. With the release of SquirrelMail 1.3.3, support for the |
| | 9 | CRAM-MD5 and DIGEST-MD5 auth mechanisms has been added. TLS support has |
| | 10 | also been added. It is possible to use different methods for both IMAP and |
| | 11 | SMTP. TLS is able to be enabled on a per-service basis as well. |
| | 12 | Unless the administrator changes the authentication methods, SquirrelMail |
| | 13 | will default to the "classic" plaintext methods, without TLS. |
| | 14 | |
| | 15 | REQUIREMENTS |
| | 16 | ------------ |
| | 17 | |
| | 18 | CRAM/DIGEST-MD5 |
| | 19 | * SquirrelMail 1.3.3 or higher |
| | 20 | * The mhash extension for PHP. (Debian users: You're lucky. Type 'apt-get |
| | 21 | install php4-mhash' and you're done.) |
| | 22 | |
| | 23 | TLS |
| | 24 | * SquirrelMail 1.3.3 or higher |
| | 25 | * PHP 4.3.0 or higher |
| | 26 | * The "STARTTLS" command is NOT supported. The server you wish to use TLS |
| | 27 | on must have a dedicated port listening for TLS connections. (ie. port |
| | 28 | 993 for IMAP, 465 for SMTP) |
| | 29 | |
| | 30 | CONFIGURATION |
| | 31 | ------------- |
| | 32 | |
| | 33 | All configuration is done using conf.pl, under main menu option #2. |
| | 34 | |
| | 35 | KNOWN ISSUES |
| | 36 | ------------ |
| | 37 | |
| | 38 | DIGEST-MD5 has three different methods of operation. (qop options "auth", |
| | 39 | "auth-int" and "auth-conf"). This implementation currently supports "auth" |
| | 40 | only. Work is being done to add the other two modes. |
| | 41 | |
| | 42 | DIGEST-MD5 _may_ fail when authenticating with servers that supply more |
| | 43 | than one "realm". I have no servers of this type to test on, so if you do |
| | 44 | and it fails, let me know! (A big help would be for you to telnet to your |
| | 45 | server, start a DIGEST-MD5 auth session, and include the challenge from the |
| | 46 | server in your bug report.) |
| | 47 | |
| | 48 | To get the challenge with IMAP: |
| | 49 | telnet <your server> imap |
| | 50 | [server says hello] |
| | 51 | A01 AUTHENTICATE DIGEST-MD5 |
| | 52 | <copy the gobbledygook that the server sends - this is what I need> |
| | 53 | * |
| | 54 | [server says auth aborted] |
| | 55 | A02 LOGOUT |
| | 56 | [server says goodbye, closes connection] |
| | 57 | |
| | 58 | To get the challenge with SMTP: |
| | 59 | telnet <your server> smtp |
| | 60 | [server sends some sort of "hello" banner] |
| | 61 | EHLO myhostname |
| | 62 | [server will probably list a bunch of capabilities] |
| | 63 | AUTH DIGEST-MD5 |
| | 64 | <copy the gobbledygook that the server sends - this is what I need> |
| | 65 | * |
| | 66 | [server says auth aborted] |
| | 67 | QUIT |
| | 68 | [server says bye, closes connection] |
| | 69 | |
| | 70 | [End] |
projects / squirrelmail.git / blame_incremental