* On 14/09/06 21:20 +0200, Anand Buddhdev wrote:
| On Thursday 14 September 2006 21:13, Odhiambo WASHINGTON wrote:
|
| Hi Wash,
|
| > Hi John,
| >
| > Let me understand this correctly.
| >
| > You're saying IMAPS will work with a setting such as below??
| >
| > auth default {
| >   mechanisms = digest-md5
| >   passdb pam {
| >     args = *
| >   }
| >   userdb passwd {
| >     args = /etc/master.passwd
| >   }
| > }
| >
| > If yes, then I am inclined to ask why POP3S would not work with the
| > same.
| >
| > Sorry, questions still dumb ;)
|
| The above can't work (for POP or IMAP). For the DIGEST-MD5 auth
| mechanism to work, Dovecot needs access to the plain text password.
| However, the password is stored in an encrypted form
| in /etc/master.passwd. With an encrypted password in /etc/master.passwd,
| you can only use the PLAIN mechanism.
|
| What John was saying is that since the password has to be transmitted in
| the clear for PLAIN, it's better to use transport-level security, i.e.
| IMAPS and POP3S.

Hi Anand,

Thank you very much for the clarification.

I have a setup where I have both the cleartext password and
encrypted (md5 hash) password in a MySQL database.
In this situation it would be possible to use digest-md5, yes?

But this would mean that any user not using secure authentication will fail
to authenticate. Or is it possible to configure Dovecot to start with
a secure auth mechanism, but fall back to some non-secure mechanism
in case the default one fails (although it's stupid to do this)?

-Wash

--
+======================================================================+
|\ _,,,---,,_ | Odhiambo Washington