Bjørn T Johansen wrote:
I have enabled SSL support for my dovecot installation but if I enable secure authentication in my MUA, I get an error from dovecot telling me that this is not supported..
Is this because dovecot does not support this or am I missing some config?
SSL and secure passwords are different things - if you've enabled SSL on the client, secure passwords are redundant really - the whole connection is encrypted. Secure password authentication is only supported by dovecot when your backend password store is in unencrypted plain text - the client hashes the password, which is compared to a hash generated by the server. If memory serves, SPA is based on NTLM, hence the requirement for plaintext in the backend for generation of the hash, though I suppose if you were storing NTLM hashes it could be made to work. Personally, I prefer to have the passwords securely encrypted in the backend though, and so rely on SSL for securing the connection, disregarding SPA entirely.