On Tuesday, April 22, 2014 3:31:47 PM CEST, Urban Loesch wrote:
Hi,
Is there a way to set "disable_plaintext_auth" to different values for different Password Databases? Is there another way to do it?
Why do you not force SSL for all users?
I have no idea how this could be made with different databases. I have only built a solution for all users stored in mysql.
I'm able to force SSL for imap and pop3 on a per user basis with e.g.:
... password_query = SELECT password FROM users WHERE userid = '%u' AND allow_login = 'y' AND ( force_ssl = 'y' OR '%c' = 'secured');
Wait a second. I might be totally off here, but the way I read that query you accept plaintext credentials, unsecured, and then check the DB. After which you might say "You're not allowed to log in".
If that is correct every user might send their credentials over unsecured connections?
In my opinion this doesn't help. Clients cannot know in advance that they shouldn't try to log in.
I guess I'd either
- drop the requirement (best option, hit the users that don't support TLS or offer them help to upgrade/fix their setup), or
- live with the possibility that the system users are potentially disclosing their credentials.
Take a step back: A random client connects to dovecot. It hasn't logged in yet. How would you change the capabilities to reflect 'login without starttls is allowed or not', depending on a username that you cannot know at this point?
My take, ignoring the "There shouldn't be a need for that" quip, is that this is next to impossible. And not worth the challenge.
Ben
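The ordering problem Ben describes, as an added toy model that is not Dovecot's code and not the poster's configuration: a per-user "force_ssl" check can only run after the LOGIN command, so the password has already crossed the wire by the time the server says no, whereas the global disable_plaintext_auth policy is advertised as LOGINDISABLED before any username is known, so a conforming client never sends the password in the clear. The user table, the meaning of the force_ssl flag (true means "TLS only"), and the reply strings are constructed for this example.

```python
from dataclasses import dataclass, field

# Constructed sample user table standing in for the poster's MySQL "users" table
# (assumption: force_ssl=True means the user must only authenticate over TLS).
USERS = {
    "alice": {"password": "pw-alice", "force_ssl": True},
    "bob":   {"password": "pw-bob",   "force_ssl": False},
}


@dataclass
class Connection:
    secured: bool                      # True once TLS is active (Dovecot's %c == 'secured')
    plaintext_credentials: list = field(default_factory=list)  # what a wire observer would see


class ImapServer:
    """Toy model of the two policies under discussion, not Dovecot's implementation."""

    def __init__(self, disable_plaintext_auth: bool):
        self.disable_plaintext_auth = disable_plaintext_auth

    def capability(self, conn: Connection) -> list:
        # Pre-login capabilities are sent before any username is known,
        # so they can only express a global policy.
        caps = ["IMAP4rev1", "STARTTLS"]
        if self.disable_plaintext_auth and not conn.secured:
            caps.append("LOGINDISABLED")  # RFC 2595: client must not send LOGIN
        return caps

    def login(self, conn: Connection, user: str, password: str) -> str:
        # Global policy: refuse without evaluating the credentials at all.
        if self.disable_plaintext_auth and not conn.secured:
            return "NO [PRIVACYREQUIRED] plaintext auth disallowed on non-secure connection"
        row = USERS.get(user)
        if row is None or row["password"] != password:
            return "NO authentication failed"
        # Per-user policy (the password_query idea from the thread): it can only
        # run here, after the password has already crossed the wire.
        if row["force_ssl"] and not conn.secured:
            return "NO authentication failed"
        return "OK logged in"


def client_attempt(server: ImapServer, conn: Connection, user: str, password: str) -> str:
    """RFC 2595-style client: check CAPABILITY first and never send LOGIN
    while LOGINDISABLED is advertised."""
    if "LOGINDISABLED" in server.capability(conn):
        return "client: not sending LOGIN (LOGINDISABLED), STARTTLS required"
    if not conn.secured:
        conn.plaintext_credentials.append((user, password))  # exposed on the wire
    return server.login(conn, user, password)


def run(disable_plaintext_auth: bool, user: str, secured: bool):
    """Return (reply seen by the client, whether the password crossed the wire in clear)."""
    server = ImapServer(disable_plaintext_auth)
    conn = Connection(secured=secured)
    reply = client_attempt(server, conn, user, USERS[user]["password"])
    return reply, bool(conn.plaintext_credentials)


if __name__ == "__main__":
    for policy in (False, True):
        for secured in (False, True):
            reply, exposed = run(policy, "alice", secured)
            print(f"disable_plaintext_auth={policy} secured={secured}: {reply}; exposed={exposed}")
```

With the per-user policy, alice on an unsecured connection is refused but her password was already transmitted; with the global policy the client is told up front and nothing sensitive leaves it until after STARTTLS. Note that a non-conforming client that ignores LOGINDISABLED would still leak the password even under the global policy; the server can reject it but cannot unsend it, which is why the thread's "best option" is to get such clients fixed.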