LinuxQuestions.org


TonyAR 10-14-2010 06:34 AM

TLS / SASL authentication, dovecot and postfix - does this config look correct?
 
I am running the following on CentOS 5.5 (Final)

dovecot 1.0.7

saslauthd 2.1.22

When I send an email via TLS I see the following log entries.

Code:

Oct 14 11:53:06 ns2 postfix/smtpd[11372]: connect from unknown[172.16.1.159]
Oct 14 11:53:06 ns2 postfix/smtpd[11372]: setting up TLS connection from unknown[172.16.1.159]
Oct 14 11:53:06 ns2 postfix/smtpd[11372]: TLS connection established from unknown[172.16.1.159]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Oct 14 11:53:06 ns2 postfix/smtpd[11372]: DD178DAC3F: client=unknown[172.16.1.159], sasl_method=PLAIN, sasl_username=tony

What I'm really curious about is there is an initial TLS connection with a 256 bit cipher, but then..

The last entry states "sasl_method=PLAIN" - so surely this is not encrypted?

Or am I misunderstanding how it works?

Any comment / help / explanations appreciated.

Thanks.

Berhanie 10-14-2010 08:03 AM

PLAIN means that the password is transmitted in plaintext, i.e. it's not hashed in some way. This is not a problem, since you're using an encryption layer. Something to note is that saslauthd is not needed for dovecot.
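The point made above can be checked from the mail log itself. The following is an added example, not part of the original thread: it pairs each `sasl_method=` line with the TLS state of the same smtpd process and decodes a PLAIN response to show it is only base64. The function names are hypothetical, the last two log lines and the credentials are constructed, and it assumes `smtpd_tls_loglevel` is at least 1 so the "TLS connection established" line is logged.

```python
import base64
import re

# First four lines: the log excerpt from the question.
# Last two lines: a constructed session that authenticates without STARTTLS.
SAMPLE_LOG = """\
Oct 14 11:53:06 ns2 postfix/smtpd[11372]: connect from unknown[172.16.1.159]
Oct 14 11:53:06 ns2 postfix/smtpd[11372]: setting up TLS connection from unknown[172.16.1.159]
Oct 14 11:53:06 ns2 postfix/smtpd[11372]: TLS connection established from unknown[172.16.1.159]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Oct 14 11:53:06 ns2 postfix/smtpd[11372]: DD178DAC3F: client=unknown[172.16.1.159], sasl_method=PLAIN, sasl_username=tony
Oct 14 11:58:10 ns2 postfix/smtpd[11401]: connect from unknown[172.16.1.160]
Oct 14 11:58:10 ns2 postfix/smtpd[11401]: 0A1B2C3D4E: client=unknown[172.16.1.160], sasl_method=PLAIN, sasl_username=alice
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)")
SASL = re.compile(r"sasl_method=(?P<method>[^,\s]+), sasl_username=(?P<user>\S+)")
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # mechanisms that send the password itself

def audit_sasl(log_text):
    """Return (user, method, tls_seen) for each SASL login in a Postfix smtpd log."""
    tls_by_pid = {}  # smtpd pid -> has TLS been established on the current connection?
    results = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("connect from "):
            tls_by_pid[pid] = False  # an smtpd process serves one client at a time
        elif msg.startswith("TLS connection established from "):
            tls_by_pid[pid] = True
        elif (s := SASL.search(msg)):
            results.append((s["user"], s["method"], tls_by_pid.get(pid, False)))
    return results

def exposed_logins(log_text):
    """Logins whose password crossed the wire with no TLS layer underneath."""
    return [(u, m) for u, m, tls in audit_sasl(log_text)
            if m.upper() in CLEARTEXT_MECHS and not tls]

def decode_plain(b64_response):
    """Split an RFC 4616 PLAIN response: base64(authzid NUL authcid NUL password)."""
    authzid, authcid, password = base64.b64decode(b64_response).split(b"\0")
    return authzid.decode(), authcid.decode(), password.decode()

if __name__ == "__main__":
    print(exposed_logins(SAMPLE_LOG))
    print(decode_plain("AHRvbnkAcHc="))  # constructed: user "tony", password "pw"
```

The login from the question is paired with an established TLS session and is not flagged; only the constructed second session is reported.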

TonyAR 10-14-2010 11:40 AM

Quote:

Originally Posted by Berhanie (Post 4127124)
PLAIN means that the password is transmitted in plaintext, i.e. it's not hashed in some way. This is not a problem, since you're using an encryption layer. Something to note is that saslauthd is not needed for dovecot.

I tried to follow a guide to set up Dovecot without saslauthd and failed.

At least I managed to get saslauth working!

And as it seems ok I'm happy.

Thanks for your input.


All times are GMT -5.