On Sun, 11 Nov 2007 22:28:52 +1100 Peter Fern <[EMAIL PROTECTED]> wrote:
> Bjørn T Johansen wrote: > > I have enabled SSL support for my dovecot installation but if I enable > > secure authentication in my MUA, I get > > an error from dovecot telling me that this is not supported.. > > > > Is this because dovecot does not support this or am I missing some config? > > > > SSL and secure passwords are different things - if you've enabled SSL on > the client, secure passwords are redundant really - the whole connection > is encrypted. Secure password authentication is only supported by > dovecot when your backend password store is in unencrypted plain text - > the client hashes the password, which is compared to a hash generated by > the server. If memory serves, SPA is based on NTLM, hence the > requirement for plaintext in the backend for generation of the hash, > though I suppose if you were storing NTLM hashes it could be made to > work. Personally, I prefer to have the passwords securely encrypted in > the backend though, and so rely on SSL for securing the connection, > disregarding SPA entirely. Yes, thanks for all the replies.... It was all a misunderstanding on my part about what secure authentication really was but SSL is up and working anyway.... :) BTJ