[Dovecot] Best authentication option

Gabriel Millerd gmillerd at gmail.com
Wed May 2 15:48:40 EEST 2007

On 5/2/07, Eric <erdv38 at gmail.com> wrote:
> Thank you for your answer. What do you mean by "you may as well use 2" ?
> You mean both authentication options ? I though we have to decide in
> dovecot.conf to use one option or another one...
> I do force the use of my webserver (lighttpd) through https. My question
> was the best option between plain/PAM and cram-md5 authentications
> "locally".
    the login information between squirrelmail and imaps could be
secured, but that communication is only occuring on the 'localhost'
typically you would only worry about imap communications when the
webserver and the imap server are not on the same machine. (as well as
when the smtp server is not) to protect the passwords on the wire.

   in the end http://en.wikipedia.org/wiki/CRAM-MD5 is superior
security to login-plain text

Gabriel Millerd

More information about the dovecot mailing list