develooper Front page | perl.qpsmtpd | Postings from June 2006

Re: [PATCH] Require TLS/SSL before offering AUTH

Thread Previous
From:
John Peacock
Date:
June 22, 2006 07:56
Subject:
Re: [PATCH] Require TLS/SSL before offering AUTH
Message ID:
449AAFAE.2020704@rowman.com
Robin H. Johnson wrote:
> This patch adds a new configuration option 'tls_before_auth', that when set,
> does not offer AUTH until the connection has been secured. This helps to
> prevent password disclosures with SASL LOGIN/PLAIN mechanisms.

Applied, thanks!  You provided a patch to README (good, I don't remember 
to do that piece) but we also include a sample configuration in 
config.sample, which I created before applying.

I also committed your "SSL in header" patch at the same time.

Thanks

John

Thread Previous


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About