[Ach] 9.2.1 Dovecot, some additions, questions

Pepi Zawodsky pepi.zawodsky at maclemon.at
Wed Nov 20 01:15:03 CET 2013


On 19.11.2013, at 22:54, Adi Kriegisch <adi at kriegisch.at> wrote:
>>> disable_plaintext_auth=yes
>>> Is that plaintext within a TLS/SSL tunnel?
> No, setting this option allows the 'plain' authentication mechanism only if
> there is an SSL/TLS connection. So setting this cannot/should not do any
> harm but probably is beyond the scope of our document.
I'd say no harm done if we just keep it for best-practice. Prevents the whoopie of sending credentials over unencrypted channels. I don't see any way this can break a config but it can mitigate an error in the config where non-TLS connections become allowed.
I vote for keeping it.

Best regards
Pepi
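
The interaction discussed in this message, as an added example that is not part of the original post: a small audit over `doveconf -n`-style output that reports whether PLAIN/LOGIN credentials could cross a non-TLS connection. The function names, the sample configurations, and the Dovecot 2.x defaults used for omitted settings are assumptions of this example.

```python
# Assumed Dovecot 2.x defaults, applied when `doveconf -n` omits a setting.
DEFAULTS = {"ssl": "yes", "disable_plaintext_auth": "yes", "auth_mechanisms": "plain"}
CLEARTEXT_MECHS = {"plain", "login"}


def parse_top_level(conf_text):
    """Return top-level 'key = value' settings, skipping comments and { } blocks."""
    settings, depth = dict(DEFAULTS), 0
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
        elif depth == 0 and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[key] = value.lower()
    return settings


def cleartext_exposure(conf_text):
    """Classify whether PLAIN/LOGIN credentials can be sent without TLS."""
    s = parse_top_level(conf_text)
    if not CLEARTEXT_MECHS & set(s["auth_mechanisms"].split()):
        return "no-cleartext-mechanisms"
    if s["ssl"] == "required":
        # Authentication attempted before TLS is active is refused outright.
        return "guarded-by-ssl-required"
    if s["disable_plaintext_auth"] == "yes":
        # Non-TLS connections are accepted, but PLAIN/LOGIN is refused on them.
        return "guarded-by-disable_plaintext_auth"
    return "exposed"


# Constructed samples (hypothetical configurations, not taken from the thread).
INTENDED = "ssl = required\ndisable_plaintext_auth = yes\nauth_mechanisms = plain login\n"
SSL_RELAXED = "ssl = yes\ndisable_plaintext_auth = yes\nauth_mechanisms = plain login\n"
BOTH_RELAXED = "ssl = yes\ndisable_plaintext_auth = no\nauth_mechanisms = plain login\n"

if __name__ == "__main__":
    for name, conf in (("intended", INTENDED), ("ssl relaxed", SSL_RELAXED),
                       ("both relaxed", BOTH_RELAXED)):
        print(f"{name}: {cleartext_exposure(conf)}")
```

The `SSL_RELAXED` case is the configuration error described above: non-TLS connections have become allowed, and `disable_plaintext_auth=yes` is the setting that still keeps credentials off them. Dovecot treats connections from the server's own IP address as secure, so this check says nothing about local clients.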