Had to enable LOGIN auth (with TLS), will I have security issues?
  •  
costasppc

Hello,

In order to make a notification system work, I had to enable LOGIN authentication in Kerio.

The system uses TLS and port 587, but supports only LOGIN auth method.

Before that, I had only CRAM and DIGEST MD5 auth methods.

My questions:

1. Will I have security issues? (I guess not)

2. Can I enable only a specific user to use this method, or is it server-wide?

Best regards

Kostas

ACT, ACTC 10.6
  •  
Ernesto (Kerio)

1. It is always more secure to use CRAM-MD5 and DIGEST-MD5 to prevent usernames and passwords from being transferred in the clear over the wire (network). However, using and enforcing encryption (SSL/TLS) will ensure that all data transferred over the network is encrypted, including usernames and passwords.

2. You can force individual or groups of IP addresses to use CRAM-MD5 and DIGEST-MD5 and also to use SSL/TLS. This can be configured in Configuration->Advanced Options, Security Policy tab. The "Security Policy" section allows you to enforce (or not) secure authentication (CRAM-MD5 and DIGEST-MD5) or encrypted connections (SSL/TLS). This policy can be applied to a predefined group that may include multiple or a single IP address. The second section, "Enabled authentication methods", allows you to select up to four authentication methods to be offered (negotiated) with clients when they connect.

Sales Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
costasppc

Thank you,

If I am not mistaken, if I set "Allow Unsecure authentication from IP address group" and set one IP group, only this group can use LOGIN auth and not the others?

I would like the LOGIN auth not to be presented to others.

Best regards

Kostas

ACT, ACTC 10.6
  •  
Ernesto (Kerio)

That's right. My previous post on item #2 was not correct. I should have said:

"...The "Security Policy" section allows you to enforce (or not) secure authentication (CRAM-MD5 and DIGEST-MD5) or encrypted connections (SSL/TLS). Selecting "Require Secure Authentication" or "Require Encrypted Connection" will be applied to all client connections, unless you define an exception by selecting a predefined group that may include multiple or a single IP address to exclude from the requirement..."

Sales Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
costasppc

Thank you Ernesto,

I will check to see if it works.

Best regards

Kostas

ACT, ACTC 10.6
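
An added example, not part of any post in this thread and not Kerio's code: one way to check which authentication methods a server offers is to compare its EHLO reply before and after STARTTLS and flag LOGIN or PLAIN when they appear on the unencrypted channel. The host name and the EHLO replies below are constructed sample data, and the function names are hypothetical.

```python
import base64

# Mechanisms that send the password itself, only base64-encoded (not hashed).
CLEARTEXT_MECHS = {"LOGIN", "PLAIN"}

# Constructed sample EHLO replies (hypothetical host, not taken from the thread).
PRE_TLS_OK = "250-mail.example.test\r\n250-STARTTLS\r\n250-AUTH CRAM-MD5 DIGEST-MD5\r\n250 8BITMIME"
PRE_TLS_BAD = "250-mail.example.test\r\n250-STARTTLS\r\n250-AUTH=LOGIN CRAM-MD5\r\n250 8BITMIME"
POST_TLS = "250-mail.example.test\r\n250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN\r\n250 8BITMIME"


def parse_ehlo(response):
    """Parse a multi-line EHLO reply into {KEYWORD: [PARAMS]}."""
    caps = {}
    for line in response.strip().splitlines()[1:]:  # line 0 is the greeting
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError(f"unexpected EHLO line: {line!r}")
        words = line[4:].split()
        if not words:
            continue
        # Also accept the legacy "AUTH=LOGIN ..." spelling some servers emit.
        key, _, first = words[0].partition("=")
        params = ([first] if first else []) + words[1:]
        caps.setdefault(key.upper(), []).extend(p.upper() for p in params)
    return caps


def audit(pre_tls, post_tls):
    """Report which password-revealing mechanisms are offered before/after TLS."""
    before, after = parse_ehlo(pre_tls), parse_ehlo(post_tls)
    return {
        "starttls_offered": "STARTTLS" in before,
        "cleartext_before_tls": sorted(CLEARTEXT_MECHS & set(before.get("AUTH", []))),
        "cleartext_after_tls": sorted(CLEARTEXT_MECHS & set(after.get("AUTH", []))),
    }


def decode_login_token(token):
    """AUTH LOGIN prompts and replies are plain base64, reversible by anyone."""
    return base64.b64decode(token).decode("utf-8")


if __name__ == "__main__":
    print(audit(PRE_TLS_OK, POST_TLS))    # LOGIN appears only after STARTTLS
    print(audit(PRE_TLS_BAD, POST_TLS))   # LOGIN offered on the unencrypted channel
    print(decode_login_token("VXNlcm5hbWU6"))  # server prompt in an AUTH LOGIN exchange
```

Feeding it EHLO replies captured from an address inside the exception group and from one outside it shows whether LOGIN is presented only where intended.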
Current Time: Thu Oct 19 16:42:39 CEST 2017