On Sun, 11 Nov 2007 22:28:52 +1100 Peter Fern dovecot@obfusc8.org wrote:
> Bjørn T Johansen wrote:
> > I have enabled SSL support for my dovecot installation but if I enable secure authentication in my MUA, I get an error from dovecot telling me that this is not supported.
> > Is this because dovecot does not support this or am I missing some config?
>
> SSL and secure passwords are different things - if you've enabled SSL on the client, secure passwords are redundant really - the whole connection is encrypted. Secure password authentication is only supported by dovecot when your backend password store is in unencrypted plain text - the client hashes the password, which is compared to a hash generated by the server. If memory serves, SPA is based on NTLM, hence the requirement for plaintext in the backend for generation of the hash, though I suppose if you were storing NTLM hashes it could be made to work. Personally, I prefer to have the passwords securely encrypted in the backend though, and so rely on SSL for securing the connection, disregarding SPA entirely.

Yes, thanks for all the replies.... It was all a misunderstanding on my part about what secure authentication really was but SSL is up and working anyway.... :)
BTJ
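
The trade-off described in the quoted reply, as an added example that is not part of the original thread: a challenge-response login only verifies when the server holds the same secret the client keys its response with, so a one-way hashed backend has to fall back to plaintext login protected by SSL. It uses an HMAC-MD5 challenge-response in the style of CRAM-MD5 as a stand-in for SPA/NTLM; the function names, password and PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def client_response(password: str, challenge: bytes) -> str:
    """Client: answer the server's challenge without sending the password."""
    return hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()

def verify_with_plaintext_store(stored_password: str, challenge: bytes,
                                response: str) -> bool:
    """Server with a plaintext backend: recompute the same HMAC and compare."""
    expected = hmac.new(stored_password.encode(), challenge,
                        hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, response)

def hash_for_storage(password: str, salt: bytes) -> bytes:
    """One-way salted hash, as kept in a hashed password backend."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_with_hashed_store(stored_hash: bytes, challenge: bytes,
                             response: str) -> bool:
    """Server with only a one-way hash: it cannot recover the client's HMAC
    key, so the best it can do is key the HMAC with the hash, which never
    matches what the client computed from the real password."""
    expected = hmac.new(stored_hash, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, response)

def verify_plain_login(stored_hash: bytes, salt: bytes, password: str) -> bool:
    """Plaintext login (sent inside SSL/TLS): the server rehashes what the
    client sent and compares, so hashed storage works."""
    return hmac.compare_digest(hash_for_storage(password, salt), stored_hash)

def demo() -> dict:
    password = "correct horse battery"      # constructed sample password
    salt, challenge = os.urandom(16), os.urandom(16)
    stored_hash = hash_for_storage(password, salt)
    response = client_response(password, challenge)
    return {
        "challenge_response_plaintext_store":
            verify_with_plaintext_store(password, challenge, response),
        "challenge_response_hashed_store":
            verify_with_hashed_store(stored_hash, challenge, response),
        "plain_login_hashed_store":
            verify_plain_login(stored_hash, salt, password),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```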