
Re: forcing user to use strong auth



Fri, 2003-02-14 at 19:45, Beast wrote:

> At 05:47 AM 2/14/2003 -0500, Adam Williams wrote:
> >>How to force user to use encrypted session only (never allow plain mode)?

For forced SSL, simply run the server on no other port than 693.
To force TLS on port 389, 'disallow bind_simple_unprotected' ought to
work (man slapd.conf).

> >>forcing means on the server side, not client side.

Yep.

> If this directory is mainly used for domain authentication (using pam and
> samba) and also used for pop3/imap, what is the recommended setup, using ssl or tls?

Depends on what the imapd/pop3d server supports. I use wu-imapd 2002a
which I've compiled to provide support for both TLS and SSL. pam stuff
will support whatever you have (f. ex. pam-based wu-imap does either SSL
or TLS), don't know about samba.

> How many mail clients support tls?

No idea. Evolution 1.0.0 upwards (1.2.2 is current, 1.3 is in beta)
does. My old (1.1b) Mozilla doesn't - only SSL. Horde Imp (webmail) does
(CVS at least). I believe some Windows things like Eudora do, but are
really yucky about it, from what I've read.

Best,

Tony

-- 

Tony Earnshaw

When you rob a person of his illusions,
you are robbing him of his happiness


e-mail:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
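
Added example, not part of the original message: a small audit script that checks whether the global section of a slapd.conf refuses simple binds on unprotected connections, using the 'disallow bind_simple_unprotected' setting named above. The function names and sample fragments are constructed for illustration; the script also accepts the `security` directive's ssf/tls/simple_bind factors (not mentioned in the thread), follows the slapd.conf(5) rule that continuation lines are joined before comment lines are dropped, and assumes a single `disallow` line.

```python
import re

# Constructed slapd.conf fragments (not taken from the thread).
WEAK = "TLSCertificateFile /etc/openldap/server.pem\ndisallow bind_anon\n"
HARDENED = "disallow bind_anon\n\tbind_simple_unprotected\ndatabase bdb\n"
# Edge case: the indented directive is joined onto the comment line above it,
# so slapd never sees it as a directive.
SWALLOWED = "# refuse cleartext binds\n  disallow bind_simple_unprotected\n"


def directives(text):
    """Yield (keyword, args) per logical line, following slapd.conf(5):
    a line starting with whitespace continues the previous line, and
    continuations are unwrapped BEFORE '#' comment lines are ignored."""
    logical = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.rstrip())
    for line in logical:
        parts = line.split()
        if parts and not line.startswith("#"):
            yield parts[0].lower(), [p.lower() for p in parts[1:]]


def refuses_cleartext_simple_bind(text):
    """True if the global section refuses simple binds that lack protection."""
    for word, args in directives(text):
        if word in ("database", "backend"):
            break  # simplification: only the global section is examined
        if word == "disallow" and "bind_simple_unprotected" in args:
            return True
        if word == "security":
            for arg in args:
                m = re.fullmatch(r"(ssf|tls|simple_bind)=(\d+)", arg)
                if m and int(m.group(2)) > 0:
                    return True
    return False


if __name__ == "__main__":
    samples = (("WEAK", WEAK), ("HARDENED", HARDENED), ("SWALLOWED", SWALLOWED))
    for name, conf in samples:
        print(name, refuses_cleartext_simple_bind(conf))
```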