[Dovecot] Best authentication option
gmillerd at gmail.com
Wed May 2 15:48:40 EEST 2007
On 5/2/07, Eric <erdv38 at gmail.com> wrote:
> Thank you for your answer. What do you mean by "you may as well use 2" ?
> You mean both authentication options ? I though we have to decide in
> dovecot.conf to use one option or another one...
> I do force the use of my webserver (lighttpd) through https. My question
> was the best option between plain/PAM and cram-md5 authentications
the login information between squirrelmail and imaps could be
secured, but that communication is only occuring on the 'localhost'
typically you would only worry about imap communications when the
webserver and the imap server are not on the same machine. (as well as
when the smtp server is not) to protect the passwords on the wire.
in the end http://en.wikipedia.org/wiki/CRAM-MD5 is superior
security to login-plain text
More information about the dovecot