[SM-CVS] SF.net SVN: squirrelmail:[14963] trunk/imap_proxy/scripts/imapproxy.conf

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Revision: 14963
          http://sourceforge.net/p/squirrelmail/code/14963
Author:   pdontthink
Date:     2022-05-24 01:56:21 +0000 (Tue, 24 May 2022)
Log Message:
-----------
New configuration items for regular SASL AUTH PLAIN capability

Modified Paths:
--------------
    trunk/imap_proxy/scripts/imapproxy.conf

Modified: trunk/imap_proxy/scripts/imapproxy.conf
===================================================================

--- trunk/imap_proxy/scripts/imapproxy.conf	2022-05-24 01:55:24 UTC (rev 14962)
+++ trunk/imap_proxy/scripts/imapproxy.conf	2022-05-24 01:56:21 UTC (rev 14963)
@@ -222,8 +222,8 @@
 
 
 #
-## Set any of these to "yes" if the corresponding TLS version is not
-## sufficiently secure for your needs
+## Set any of these to "yes" if the corresponding TLS version
+## is not sufficiently secure for your needs
 #
 #tls_no_tlsv1 no
 #tls_no_tlsv1.1 no
@@ -232,17 +232,32 @@
 
 #
 ## Authenticate using SASL AUTHENTICATE PLAIN
+## (instead of the default IMAP LOGIN mechanism)
 ##
-## The following authentication username and password are used
-## along with the username from the client as the authorization
-## identity.  In order to avoid having the service wide open (no
-## password needed from the client), the client is required to
-## send the auth_shared_secret in leiu of a user password.
+## There are two ways this can be used:
 ##
+##    1) Send the username and password to the upstream
+##       server for a typical proxied login
+##
+##    2) Send a pre-configured authorization identity along
+##       with the client's authentication identity (username)
+##
+## For the typical (1) usage, uncomment and make sure
+## auth_sasl_mech is set to "plain"
+##
+## To use a static authorization identity (2), set
+## auth_sasl_plain_username and auth_sasl_plain_password
+## with the needed credentials and enter a shared secret
+## in auth_shared_secret which is required so that the service
+## is not wide open: the client must still provide this secret
+## in leiu of a user password.
+##
 ## NOTE: This functionality *assumes* that the server supports
 ##       AUTHENTICATE PLAIN, and it does *not* verify this by
 ##       looking at the server's capabilities list.
 #
+#auth_sasl_mech plain
+#
 #auth_sasl_plain_username
 #auth_sasl_plain_password
 #auth_shared_secret
@@ -266,5 +281,5 @@
 ## Default if unset is AF_UNSPEC for both A and AAAA.
 #
 #ipversion_only 6
- 
 
+

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.



