[Dovecot] Best authentication option

Eric erdv38 at gmail.com
Wed May 2 14:38:04 EEST 2007

Thank you for your answer. What do you mean by "you may as well use 2" ?
You mean both authentication options ? I though we have to decide in
dovecot.conf to use one option or another one...
I do force the use of my webserver (lighttpd) through https. My question
was the best option between plain/PAM and cram-md5 authentications

> On 02/05/2007 12:13, Eric wrote:
>> Dear Dovecot experts,
>> I have a small home server debian based, with
>> postfix/dovecot/squirrelmail
>> installed locally and working. Dovecot is used non-secured (no imaps)
>> but
>> only on the address (address of the server on the local
>> network). I want to use squirrelmail to read my email from outside.
>> Squirrelmail can configured to access it in particular, either through
>> cram-md5 or login auths.
>> In that situation, is it better (I mean more secure) to use : 1) auth
>> mechanim = cram-md5 or 2) auth mechanism = plain (using PAM
>> authentication
>> for dovecot) ? That will determine my dovecot configuration.
> What Squirrelmail can do doesn't matter, you need to get your web server
> using SSL, so your password is encrypted going over the 'net to get to
> your home server. Then you may as well use 2.
> Cheers,
> John.

More information about the dovecot mailing list