develooper Front page | perl.qpsmtpd | Postings from June 2006

Re: [PATCH] Require TLS/SSL before offering AUTH

Thread Previous
John Peacock
June 22, 2006 07:56
Re: [PATCH] Require TLS/SSL before offering AUTH
Message ID:
Robin H. Johnson wrote:
> This patch adds a new configuration option 'tls_before_auth', that when set,
> does not offer AUTH until the connection has been secured. This helps to
> prevent password disclosures with SASL LOGIN/PLAIN mechanisms.

Applied, thanks!  You provided a patch to README (good, I don't remember 
to do that piece) but we also include a sample configuration in 
config.sample, which I created before applying.

I also committed your "SSL in header" patch at the same time.



Thread Previous Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About