Gateway: disable_plaintext_auth not working?



  • Hi *!

    I wonder if the disable_plaintext_auth setting in Kopano Gateway works.

    I have set this to “yes” and restarted the gateway, but I can still log in with my username and password without having started a TLS session. Do I misunderstand this setting? What should it do, if not prevent giving credentials over an unencrypted connection?

    Proof:
    for POP3:
    Trying 127.0.0.1…
    Connected to localhost.
    Escape character is ‘^]’.
    USER myusername
    +OK Waiting for password
    PASS hiddenpassword
    +OK Username and password accepted
    STAT
    +OK 1288 464710878
    LIST 1
    +OK 1 2909199
    QUIT
    +OK Bye

    for IMAP
    root@border:~# telnet localhost imap
    Trying 127.0.0.1…
    Connected to localhost.
    Escape character is ‘^]’.

    * OK [CAPABILITY IMAP4rev1 LITERAL+ STARTTLS AUTH=PLAIN] IMAP gateway ready
    ? LOGIN
    ? BAD LOGIN must have 2 arguments
    LOGIN
    * BAD Command not recognized
    ? LOGIN myusername hiddenpassword
    ? NO LOGIN wrong username or password
    ? LOGIN myusername hiddenpassword
    ? OK [CAPABILITY IMAP4rev1 LITERAL+ CHILDREN XAOL-OPTION NAMESPACE QUOTA IDLE] LOGIN completed


  • To answer my own question: when looking into the code, this setting works only for connections coming from the outside world:

    From GIT: kopanocore/gateway/IMAP.cpp:
    if (!lpChannel->UsingSsl()
        && lpChannel->sslctx()
        && plain && strcmp(plain, "yes") == 0
        && lpChannel->peer_is_local() <= 0) { … }

    When I set disable_plaintext_auth to yes and connect from the outside world to the gateway, everything works well:

    proxy# telnet kopano.gateway.server.net pop3
    Trying 1.2.3.4…
    Connected to kopano.gateway.server.net.
    Escape character is ‘^]’.
    +OK POP3 gateway ready
    USER myusername
    -ERR [AUTH] Plaintext authentication disallowed on non-secure (SSL/TLS) connections
    QUIT

    It’s more a documentation problem than a technical …
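
A check that follows from the two POP3 sessions above, as an added example that is not part of the original posts or of Kopano's code: it sends only a dummy USER over a cleartext connection and flags results obtained from a local vantage point as inconclusive. The function names, the `probe-user` name and the use of loopback as a stand-in for whatever `peer_is_local()` treats as local are assumptions.

```python
import ipaddress
import socket
import sys


def ask_user(sock, probe_user="probe-user"):
    """Send a dummy USER on a connected cleartext POP3 socket and return
    the reply line. No password is ever sent."""
    f = sock.makefile("rwb")
    greeting = f.readline()
    if not greeting.startswith(b"+OK"):
        raise RuntimeError(f"unexpected greeting: {greeting!r}")
    f.write(b"USER " + probe_user.encode("ascii") + b"\r\n")
    f.flush()
    reply = f.readline()
    f.write(b"QUIT\r\n")
    f.flush()
    return reply.decode("ascii", "replace").strip()


def verdict(reply, peer_ip):
    """Interpret the USER reply in light of where the probe ran from."""
    # Assumption: loopback stands in for what peer_is_local() treats as local.
    local = ipaddress.ip_address(peer_ip).is_loopback
    if reply.startswith("-ERR"):
        return "refused"
    if reply.startswith("+OK"):
        # Local peers are exempt in the quoted condition, so an accepted
        # USER over loopback says nothing about remote clients.
        return "inconclusive-local" if local else "plaintext-allowed"
    return "unknown"


def probe(host, port=110, timeout=5.0):
    """Connect without TLS and classify the gateway's answer to USER."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return verdict(ask_user(s), s.getpeername()[0])


if __name__ == "__main__" and len(sys.argv) > 1:
    print(sys.argv[1], probe(sys.argv[1]))
```

Run it from a machine other than the gateway itself; a result of `inconclusive-local` means the probe has to be repeated from a remote host before drawing any conclusion about the setting.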

