On 5/2/07, Eric erdv38@gmail.com wrote:
Thank you for your answer. What do you mean by "you may as well use 2" ? You mean both authentication options ? I though we have to decide in dovecot.conf to use one option or another one... I do force the use of my webserver (lighttpd) through https. My question was the best option between plain/PAM and cram-md5 authentications "locally".
the login information between squirrelmail and imaps could besecured, but that communication is only occuring on the 'localhost' typically you would only worry about imap communications when the webserver and the imap server are not on the same machine. (as well as when the smtp server is not) to protect the passwords on the wire.
in the end http://en.wikipedia.org/wiki/CRAM-MD5 is superior security to login-plain text
-- Gabriel Millerd