Lyndon Nerenberg <[EMAIL PROTECTED]> writes: >> Well, that is exactly what I want to do. I use the system passwords >> for imap anyway, so why not? Of course, the channel must be protected >> by SSL/TLS when you do that. > >Because there are a large number of IMAP clients that are not aware of >LOGINDISABLED, and which will blindly attempt LOGIN or AUTH PLAIN in >the absence of TLS (which they are not aware of, either). Many IMAP >clients predate RFC3501. So those passwords (with the matching >authentication ids) are going to be flying around the Internet in the >clear no matter what you do. Using the UNIX account password for IMAP >(or POP) in this manner makes your system effectively password free.
You have a way with words, but I think you are exaggerating slighly. I have never allowed plaintext IMAP/POP. Wouldn't dream of it. The client is Thunderbird. The default IMAP configuration will use plaintext passwords, but only if it talks to an IMAP server that does not support TLS, but see above. Also, I always use imaps/993, and not TLS on 143. I don't fell comfortable using a password over a connection that is "encrypted, if possible". But I must thank you for reminding me to disable port 143, -- Fredrik Stax\"ang | rot13: [EMAIL PROTECTED] This is all you need to know about vi: ESC : q ! RET
