3.59. <AuthBy IMAP>

This clause authenticates from an IMAP server. It requires the Mail::IMAPClient Perl module version 2.2.5 or better. It is part of CPAN. For more information, see Section 2.1.2. CPAN. There is an example configuration file in goodies/imap.cfg. <AuthBy IMAP> was mostly contributed by Karl Gaissmaier.
<AuthBy IMAP> can support SSL or non-SSL connections to the IMAP server. Use of SSL connections requires IO::Socket::SSL from CPAN and OpenSSL. For more information about CPAN, see Section 2.1.2. CPAN.
<AuthBy IMAP> only supports PAP authentication in incoming RADIUS requests. CHAP and MS-CHAP are not supported, since the plaintext password is not available within Radiator.
<AuthBy IMAP> understands also the same parameters as <AuthBy xxxxxx>. For more information, see Section 3.32. <AuthBy xxxxxx>.

3.59.1. Host

This parameter specifies the host name of the IMAP server.
Host your.imap.server.com

3.59.2. Port

This optional parameter specifies the port number to contact on the IMAP server. Defaults to 143, the standard imap port.
Port 9000

3.59.3. LocalAddr

Local host bind address.

3.59.4. Timeout

This optional parameter specifies a timeout in seconds. If the connection to the IMAP server is not complete within this time, the authentication will fail with REJECT. Defaults to 10 seconds.
Timeout 2

3.59.5. Debug

If this optional parameter is set, Mail::IMAPClient prints details of its transactions to stdout.

3.59.6. SSLVerify

This optional parameter specifies what sort of SSL server verification that AuthBy IMAP will demand from the IMAP server. The options are ‘none’, ‘optional’ or ‘require’. Defaults to IO::Socket::SSL default.
SSLVerify require

3.59.7. SSLCAFile

Use this option to locate the file containing the certificates of the trusted certificate authorities. Thus, you can verify that the server certificate has been signed by a reputable certificate authority. Special characters are permitted.
Here is an example of using SSLCAFile:
SSLCAFile %D/certificates/demoCA/cacert.pem

3.59.8. SSLCAPath

SSLCAPath parameter specifies the name of a directory containing CA root certificates that may be required to validate TLS client certificates. Radiator looks for root certificates first in SSLCAFile, then in SSLCAPath, so there usually is no need to set both. When Certificate Revocation List (CRL) checks are enabled, this directory is also used by TLS library to look for CRL files.
Special characters are supported.The certificates and CRLs must be in PEM format, one per file. The file name has a special format. Setting up this directory is described in Setting up this directory is described in Section 3.11.3. TLS_CAPath.
Here is an example of using SSLCAPath:
SSLCAPath %D/cadirectory

3.59.9. SSLCAClientCert

This optional parameter specifies the location of the SSL client certificate that this LDAP connection uses to verify itself with the server. If SSL client verification is not required, then this option does not need to be specified. Special characters are permitted.
Here is an example of using SSLCAClientCert:
SSLCAClientCert %D/certificates/cert-clt.pem

3.59.10. SSLCAClientKey

This optional parameter specifies the location of the SSL private key that this connection uses to communicate with the server. If SSL client verification is not required, then this option does not need to be specified. Special characters are permitted.
It is common for the SSL client private key to be in the same file as the client certificate. In that case, both SSLCAClientCert and SSLCAClientKey refer to the same file.
If SSLCAClientKey contains a private key in encrypted format, you need to specify the decryption password in SSLCAClientKeyPassword.
Here is an example of using SSLCAClientKey:
SSLCAClientKey %D/certificates/cert-clt.pem

3.59.11. SSLCAClientKeyPassword

If the SSLCAClientKey contains an encrypted private key, then you must specify the decryption password with this parameter. If a key is required, you will generally have been given the password by whoever provided the private key and certificate.
SSLCAClientKeyPassword whatever