LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 10-14-2010, 07:34 AM   #1
TonyAR
LQ Newbie
 
Registered: Apr 2010
Posts: 15

Rep: Reputation: 0
TLS / SASL authentication, dovecot and postfix - does this config look correct?


I am running the following on CentOS 5.5 (Final)

dovecot 1.0.7

saslauthd 2.1.22

When I send an email via TLS I see the following log entries.

Code:
Oct 14 11:53:06 ns2 postfix/smtpd[11372]: connect from unknown[172.16.1.159]
Oct 14 11:53:06 ns2 postfix/smtpd[11372]: setting up TLS connection from unknown[172.16.1.159]
Oct 14 11:53:06 ns2 postfix/smtpd[11372]: TLS connection established from unknown[172.16.1.159]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Oct 14 11:53:06 ns2 postfix/smtpd[11372]: DD178DAC3F: client=unknown[172.16.1.159], sasl_method=PLAIN, sasl_username=tony
What I'm really curious about is there is an intial TLS connection with a 256 bit cipher, but then..

The last entry states "sasl_method=PLAIN" - so surely this is not encrypted?

Or am I misunderstanding how it works?

Any comment / help / explanations appreciated.

Thanks.
 
Old 10-14-2010, 09:03 AM   #2
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
PLAIN means that the password is transmitted in plaintext, i.e. it's not hashed in some way. This is not a problem, since you're using an encryption layer. Something to note is that saslauthd is not needed for dovecot.
 
Old 10-14-2010, 12:40 PM   #3
TonyAR
LQ Newbie
 
Registered: Apr 2010
Posts: 15

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Berhanie View Post
PLAIN means that the password is transmitted in plaintext, i.e. it's not hashed in some way. This is not a problem, since you're using an encryption layer. Something to note is that saslauthd is not needed for dovecot.
I tried to follow a guide to setup Dovecot without saslauthd and failed.

At least I managed to get saslauth working!

And as it seems ok I'm happy.

Thanks for your input.
 
  


Reply

Tags
dovecot, postfix, saslauthd, tls


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
postfix/dovecot - sasl authentication works no more ddaas Linux - Server 6 05-15-2009 05:45 AM
[SOLVED] SASL and TLS authentication problem in Postfix Mogget Linux - Server 1 03-31-2009 09:12 AM
postfix relay problems with SASL authentication & TLS climbingmerlin Linux - Software 0 04-05-2006 09:55 AM


All times are GMT -5. The time now is 01:39 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration