(RADIATOR) Feature Request: <AuthBy IMAPS>
Mike McCauley
mikem at open.com.au
Fri Nov 12 19:33:18 CST 2004
Hello Charly,
Nice work.
I took the liberty of adding support for encrypted private key files with
SSLCAClientKeyPassword and testing with TTLS-PAP.
The new version, plus a sample config file is attached.
I'll add it to the patches and the next release when you are ready?
Cheers.
On Saturday 13 November 2004 10:08, Karl Gaissmaier wrote:
> Hi Mike and all other radiator lovers,
>
> Karl Gaissmaier wrote:
>
> ...
>
> > I'll send you, until the end of 2004 (hopefully), a
> > new AuthByIMAP and AuthByPOP3 with SSL support without
> > overriding the handle_request().
>
> Christmas time, jingle bell
>
> here is the AuthIMAP2 with SSL support.
>
> Mike, Hugh and other perl hackers please review this
> small piece of software if you find time.
>
> Questions and corrections about the implementation welcome.
>
> When you accept this module, AuthPOP3(2) will
> be very easy, nearly just a one2one replacement
> of the underlying email client CPAN module.
>
> Best regards
> Charly
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: AuthIMAP2.pm
Type: application/x-perl-module
Size: 6339 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20041113/47ede834/attachment.bin>
-------------- next part --------------
# imap.cfg
#
# Example Radiator configuration file.
# This very simple file will allow you to get started with IMAP authentication
# on a simple system. You can then add and change features.
# We suggest you start simple, prove to yourself that it
# works and then develop a more complicated configuration.
#
# This example will authenticate from an IMAP server.
# And it will print out what it's doing in great detail.
# Only PAP authentication is supported by AuthBy IMAP
#
# Requires Mail::IMAPClient 2.2.5 or better from CPAN.
#
# See radius.cfg for more complete examples of features and
# syntax, and refer to the reference manual for a complete description
# of all the features and syntax.
#
# You should consider this file to be a starting point only
# $Id: imap.cfg,v 1.1 2002/11/07 04:10:47 mikem Exp $
Foreground
LogStdout
LogDir .
DbDir .
# Use a lower trace level in production systems:
Trace 4
# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
<Client DEFAULT>
Secret mysecret
DupInterval 0
</Client>
<Realm DEFAULT>
<AuthBy IMAP2>
# Host specifies the name or address of the IMAP server to use
# You should set this to suit your own site
Host localhost
# This prevents looking for DEFAULT users if the
# first authentication fails
NoDefault
# If Debug is set, IMAPClient will print details
# of its communications to stdout
# Debug 1
# Timeout specifies a timeout in seconds. If the IMAP
# server does not respond in this time, the authentication
# will fail.
# Defaults to 10 seconds
# Timeout 2
# Port specifies the number of the IMAP port to use on
# Host.
# Defaults to 143, or 993 if UseSSL
# Port 9000
# You can tell AuthBy IMAP to use SSL to connect to
# the IMAP server:
UseSSL
# You can also set these parameters if client
# verification is required with UseSSL.
# SSLVerify can be none, optional or require.
# Defaults to none
SSLVerify none
# If you want to verify that the peer certificate has been signed
# by a reputable certificate authority, then you should use this
# option to locate the file containing the certificate(s) of the
# reputable certificate authorities if it is not already in the
# file certs/my-ca.pem
#SSLCAFile %D/certificates/demoCA/cacert.pem
# If you are unusually friendly with the OpenSSL documentation, you
# might have set yourself up a directory containing several trusted
# certificates as separate files as well as an index of the
# certificates. If you want to use that directory for validation
# purposes, and that directory is not ca/, then use this option to
# point IO::Socket::SSL to the right place to look.
#SSLCAPath
# If your SSL certificate is not in the default place
# (certs/server-cert.pem for servers, certs/client-cert.pem for
# clients), then you should use this option to specify the location
# of your certificate. Note that a key and certificate are only
# required for an SSL server, so you do not need to bother with
# these trifling options should you be setting up an
# unauthenticated client.
#SSLCAClientCert %D/certificates/cert-clt.pem
# If your RSA private key is not in the default place
# (certs/server-key.pem for servers, certs/client-key.pem for
# clients), then this is the option that you would use to specify a
# different location. Keys should be PEM formatted.
# If a password is required to decode the private key
# file, specify the password in SSLCAClientKeyPassword
#SSLCAClientKey %D/certificates/cert-clt.pem
#SSLCAClientKeyPassword whatever
# If you also require authentication of TTLS-PAP by IMAP,
# set the following parameters. See
# goodies/eap_ttls.cfg for documentation
EAPType TTLS
EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
EAPTLS_CertificateFile %D/certificates/cert-srv.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
EAPTLS_PrivateKeyPassword whatever
EAPTLS_MaxFragmentSize 1000
AutoMPPEKeys
</AuthBy>
</Realm>
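
The sample above ships with UseSSL but SSLVerify none, and the comments say SSLVerify defaults to none, so the PAP password is handed to an IMAP server whose certificate is never checked. The following audit script is an added example, not part of the original message or of Radiator: it scans a config for AuthBy IMAP/IMAP2 blocks and reports those without UseSSL or without SSLVerify require. The sample config and host names are constructed, and treating only "require" as enforcing the server certificate is an assumption.

```python
import re

# Constructed sample modelled on the imap.cfg above; hosts are placeholders.
SAMPLE_CFG = """\
<AuthBy IMAP2>
    Host localhost
    UseSSL
    SSLVerify none
    #SSLCAFile %D/certificates/demoCA/cacert.pem
</AuthBy>
<AuthBy IMAP2>
    Host imap.example.org
    UseSSL
    SSLVerify require
    SSLCAFile %D/certificates/demoCA/cacert.pem
</AuthBy>
<AuthBy IMAP2>
    Host 192.0.2.10
</AuthBy>
"""

def audit_imap_authby(cfg_text):
    """Return (host, finding) for each AuthBy IMAP/IMAP2 block with weak SSL settings."""
    findings = []
    block = None  # parameters of the block being read, or None outside one
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out parameters are not in effect
        if re.match(r"<AuthBy\s+IMAP2?\s*>$", line, re.I):
            block = {}
        elif block is not None and line.lower() == "</authby>":
            host = block.get("host", "?")
            verify = block.get("sslverify", "none")  # the page: "Defaults to none"
            if "usessl" not in block:
                findings.append((host, "no UseSSL: IMAP connection not SSL-protected"))
            elif verify != "require":
                # Assumption: only 'require' rejects an unverifiable server certificate
                findings.append((host, f"SSLVerify {verify}: IMAP server not authenticated"))
            block = None
        elif block is not None:
            parts = line.split(None, 1)
            block[parts[0].lower()] = parts[1].strip().lower() if len(parts) > 1 else ""
    return findings

if __name__ == "__main__":
    for host, finding in audit_imap_authby(SAMPLE_CFG):
        print(f"{host}: {finding}")
```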