[Dovecot] Best authentication option
john.robinson at anonymous.org.uk
Wed May 2 14:42:08 EEST 2007
On 02/05/2007 12:13, Eric wrote:
> Dear Dovecot experts,
> I have a small home server debian based, with postfix/dovecot/squirrelmail
> installed locally and working. Dovecot is used non-secured (no imaps) but
> only on the 192.168.0.100 address (address of the server on the local
> network). I want to use squirrelmail to read my email from outside.
> Squirrelmail can configured to access it in particular, either through
> cram-md5 or login auths.
> In that situation, is it better (I mean more secure) to use : 1) auth
> mechanim = cram-md5 or 2) auth mechanism = plain (using PAM authentication
> for dovecot) ? That will determine my dovecot configuration.
What Squirrelmail can do doesn't matter, you need to get your web server
using SSL, so your password is encrypted going over the 'net to get to
your home server. Then you may as well use 2.
More information about the dovecot