Section 3.58. <AuthBy POP3>

3.58. <AuthBy POP3>

This clause authenticates from a POP3 server, according to RFC1939. It requires the Mail::POP3Client Perl module version 2.9 or better. It is part of CPAN. For more information, see Section 2.1.2. CPAN. It supports both plaintext and APOP authentication in the POP server. There is an example configuration file in goodies/pop3.cfg. <AuthBy POP3> was mostly contributed by Karl Gaissmaier.

<AuthBy POP3> can support SSL or non-SSL connections to the POP3 server. Use of SSL connections requires IO::Socket::SSL from CPAN and OpenSSL. For more information about CPAN, see Section 2.1.2. CPAN.

<AuthBy POP3> only supports PAP authentication in incoming RADIUS requests. CHAP and MS-CHAP are not supported, since the plaintext password is not available within Radiator.

<AuthBy POP3> understands also the same parameters as <AuthBy xxxxxx>. For more information, see Section 3.32. <AuthBy xxxxxx>.

3.58.1. Host

This parameter specifies the host name of the POP server. Defaults to 'pop3'.

Host your.pop.server.com

3.58.2. Port

This optional parameter specifies the port number to contact on the POP server. Defaults to 110, the standard pop3 port.

Port 9000

3.58.3. LocalAddr

This optional parameter allows you to specify what local internet address (an optionally port) to bind to. Format is 'xxx.xxx.xxx.xxx[:xx]'.

LocalAddr 203.63.154.2

3.58.4. AuthMode

This optional parameter specifies what types of POP authentication to permit.

PASS means use plaintext passwords
APOP means use APAP (MD5 encrypted) passwords
BEST means use APOP if possible, else PASS

Defaults to BEST.

AuthMode APOP

3.58.5. Timeout

This optional parameter specifies a timeout in seconds. If the connection to the POP server is not complete within this time, the authentication will fail with REJECT. Defaults to 10 seconds.

Timeout 2

3.58.6. Debug

If this optional parameter is set, Mail::POP3Client prints details of its transactions to stdout.

3.58.7. SSLVerify

This optional parameter specifies what sort of SSL server verification that AuthBy POP3 will demand from the POP3 server. The options are ‘none’, ‘optional’ or ‘require’. Defaults to IO::Socket:SSL default.

SSLVerify require

3.58.8. SSLCAFile

Use this option to locate the file containing the certificates of the trusted certificate authorities. Thus, you can verify that the server certificate has been signed by a reputable certificate authority. Special characters are permitted.

Here is an example of using SSLCAFile:

SSLCAFile %D/certificates/demoCA/cacert.pem

3.58.9. SSLCAPath

SSLCAPath parameter specifies the name of a directory containing CA root certificates that may be required to validate TLS client certificates. Radiator looks for root certificates first in SSLCAFile, then in SSLCAPath, so there usually is no need to set both. When Certificate Revocation List (CRL) checks are enabled, this directory is also used by TLS library to look for CRL files.

Special characters are supported.The certificates and CRLs must be in PEM format, one per file. The file name has a special format. Setting up this directory is described in Setting up this directory is described in Section 3.11.3. TLS_CAPath.

Here is an example of using SSLCAPath:

SSLCAPath %D/cadirectory

3.58.10. SSLCAClientCert

This optional parameter specifies the location of the SSL client certificate that this LDAP connection uses to verify itself with the server. If SSL client verification is not required, then this option does not need to be specified. Special characters are permitted.

Here is an example of using SSLCAClientCert:

SSLCAClientCert %D/certificates/cert-clt.pem

3.58.11. SSLCAClientKey

This optional parameter specifies the location of the SSL private key that this connection uses to communicate with the server. If SSL client verification is not required, then this option does not need to be specified. Special characters are permitted.

It is common for the SSL client private key to be in the same file as the client certificate. In that case, both SSLCAClientCert and SSLCAClientKey refer to the same file.

If SSLCAClientKey contains a private key in encrypted format, you need to specify the decryption password in SSLCAClientKeyPassword.

Here is an example of using SSLCAClientKey:

SSLCAClientKey %D/certificates/cert-clt.pem

3.58.12. SSLCAClientKeyPassword

If the SSLCAClientKey contains an encrypted private key, then you must specify the decryption password with this parameter. If a key is required, you will generally have been given the password by whoever provided the private key and certificate.

SSLCAClientKeyPassword whatever