Differences

This shows you the differences between two versions of the page.

--- config:sbbsecho.ini [2018/06/28 15:48] – Updated with a lot of missing info/keys digital man
+++ config:sbbsecho.ini [2019/06/16 22:40] – [BinkP Section] Added new PlainTextOnly option digital man
@@ Line 1: / Line 1: @@
-====== sbbsecho.ini ======
+====== sbbsecho.ini file ======
-''[[dir:ctrl]]/sbbsecho.ini'' is the default configuration filename used by [[util:SBBSecho]] version 3 and [[module:BinkIT]] version 2. While other configuration filenames may be passed-to and used-by SBBSecho, the format must be the same [[ini_files|.ini format]] and only one configuration file may be used per invocation of SBBSecho.
+''[[dir:ctrl]]/sbbsecho.ini'' is the default configuration filename used by [[util:SBBSecho]] version 3, [[module:BinkIT]] version 2, and [[module:TickIT]] version 1. While other configuration filenames may be passed-to and used-by SBBSecho, the format must be the same [[ini_files|.ini format]] and only one configuration file may be used per invocation of SBBSecho.
 The current default ''sbbsecho.ini'' file can be downloaded from CVS [[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/ctrl/sbbsecho.ini|here]].
@@ Line 81: / Line 81: @@
 The ''[BinkP]'' section is used for BinkP-specific global settings (i.e. used exclusively by [[module:BinkIT]] version 2):
-^ Key                              ^ Default Value ^ Description ^
+^ Key           ^ Default Value ^ Description ^
-| Capabilities                     | <blank>       | If set, changes the text in the ''M_NUL NDL'' line from the default of “115200,TCP,BINKP” |
+| Capabilities  | <blank>       | If set, changes the text in the ''M_NUL NDL'' line from the default of “115200,TCP,BINKP” |
-| Sysop                            | <blank>       | If set, over-rides the sysop name (''ZYZ'') value (e.g. to send the sysop's real name instead of alias) |
+| Sysop         | <blank>       | If set, over-rides the sysop name (''ZYZ'') value (e.g. to send the sysop's real name instead of alias) |
+| PlainAuthOnly | ''false''     | If set to ''true'', disables CRAM-MD5 authentication and encryption support for all inbound and outbound sessions (e.g. for trouble-shooting purposes) |
+| PlainTextOnly | ''false''     | If set to ''true'', disables encryption support for all inbound and outbound sessions (when set to ''false'', requires that //PlainAuthOnly// is also set to ''false'') |
 ==== Archive Sections ====
@@ Line 131: / Line 132: @@
 | ''BinkpPort''  | ''24554''    | TCP port number of this link's BinkP mailer |
 | ''BinkpPoll''  | ''false''    | Poll this link (e.g. as part of the ''BINKPOLL'' timed event) for incoming mail |
-| ''BinkpAllowPlainAuth'' | ''false''| Allow plain-password authentication for this linked node |
+| ''BinkpAllowPlainAuth'' | ''false''| Allow plain-password (in addition to CRAM-MD5) when authenticating with this linked node |
-| ''BinkpAllowPlainText'' | ''false''| Allow plain-text (unencrypted) communication with this linked node |
+| ''BinkpPlainAuthOnly''  | ''false''| //Only// support plain-password authentication when connecting (outbound) with this linked node |
+| ''BinkpAllowPlainText'' | ''true'' | Allow plain-text (unencrypted) communication with this linked node |
 | ''BinkpSourceAddress''  |          | Use an alternative FTN address as the source address when communicating with this node via BinkP |
@@ Line 138: / Line 140: @@
 The wildcard ''ALL'' may replace one or more fields of the configured node's FTN address. Configured node's with wildcard addresses cannot have an Inbox our Outbox set.
-Example:
+=== Example ===
 <file>
 [node:1:218/700]
@@ Line 168: / Line 170: @@
         Route = 1:218/700
 </file>
+=== BinkP Session-Security ===
+The evolution of the BinkIT/BinkP session-security related settings has lead to a potentially confusing array of 3 interrelated Boolean options with only 4 valid combinations of values. Here is a table to explain these valid combinations and their impact on the security and interoperability of BinkP sessions with the linked-node:
+^ Security Level ^ BinkpPlainAuthOnly ^ BinkpAllowPlainAuth ^ BinkpAllowPlainText ^ Notes ^
+| Minimum        | ''true''           | ''true''            | ''true''            | Passwords and message packets will always be sent as clear-text (maximum interoperability) |
+| Normal         | ''false''          | ''true''            | ''true''            | Passwords //may// be obscured via CRAM-MD5 authentication |
+| Enhanced       | ''false''          | ''false''           | ''true''            | Passwords //must// be obscured via CRAM-MD5 authentication |
+| Maximum        | ''false''          | ''false''           | ''false''           | Passwords and message packets //must// be obscured or encrypted ((using the BinkD method of session encryption)) |
+In general, the lower the security setting, the higher the level of insured compatibility with other BinkP mailers. When debugging authentication (password) issues, it might be a good idea to use the minimum level of security and increase the security level incrementally once you have the minimum level of secured-session working with the linked-node.
+Also note: authentication is performed by the //answering// BinkP node (server/service), so while one security level may work okay for outgoing connections to a linked-node, its possible that there could be problems (incompatibilities) with incoming connections from that same linked-node. It's a good idea to test both incoming and outgoing connections with a linked-node before increasing the BinkP session security level.
 ==== Domain Sections ====

Trace:

Differences

Navigation

Search

Toolbox