[Dovecot] Best authentication option

2007-05-02 Thread Eric
Dear Dovecot experts,
I have a small home server, Debian-based, with postfix/dovecot/squirrelmail
installed locally and working. Dovecot is used non-secured (no imaps) but
only on the 192.168.0.100 address (address of the server on the local
network). I want to use squirrelmail to read my email from outside.
Squirrelmail can be configured to access it in particular, either through
cram-md5 or login auths.
In that situation, is it better (I mean more secure) to use: 1) auth
mechanism = cram-md5 or 2) auth mechanism = plain (using PAM authentication
for dovecot)? That will determine my dovecot configuration.

Thank you

Eric





Re: [Dovecot] Best authentication option

2007-05-02 Thread John Robinson

On 02/05/2007 12:13, Eric wrote:

> Dear Dovecot experts,
> I have a small home server, Debian-based, with postfix/dovecot/squirrelmail
> installed locally and working. Dovecot is used non-secured (no imaps) but
> only on the 192.168.0.100 address (address of the server on the local
> network). I want to use squirrelmail to read my email from outside.
> Squirrelmail can be configured to access it in particular, either through
> cram-md5 or login auths.
> In that situation, is it better (I mean more secure) to use: 1) auth
> mechanism = cram-md5 or 2) auth mechanism = plain (using PAM authentication
> for dovecot)? That will determine my dovecot configuration.


What Squirrelmail can do doesn't matter, you need to get your web server 
using SSL, so your password is encrypted going over the 'net to get to 
your home server. Then you may as well use 2.


Cheers,

John.


Re: [Dovecot] Best authentication option

2007-05-02 Thread Gabriel Millerd

On 5/2/07, Eric [EMAIL PROTECTED] wrote:

> Thank you for your answer. What do you mean by you may as well use 2?
> You mean both authentication options? I thought we have to decide in
> dovecot.conf to use one option or another one...
> I do force the use of my webserver (lighttpd) through https. My question
> was the best option between plain/PAM and cram-md5 authentications
> locally.


   the login information between squirrelmail and imaps could be
secured, but that communication is only occurring on the 'localhost'.
Typically you would only worry about imap communications when the
webserver and the imap server are not on the same machine (as well as
when the smtp server is not) to protect the passwords on the wire.

  in the end http://en.wikipedia.org/wiki/CRAM-MD5 is superior
security to login-plain text

--
Gabriel Millerd
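
The trade-off discussed in this thread, as an added example that is not part of any poster's message: what PLAIN and CRAM-MD5 each put on the wire, and what the server needs in order to verify them. The user name, secret and challenge are the sample values from RFC 2195; the function names are hypothetical.

```python
import base64
import hashlib
import hmac

def plain_initial_response(user, password):
    """SASL PLAIN: authzid NUL authcid NUL password, base64-encoded."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()

def recover_from_plain(wire):
    """What any observer of an unencrypted PLAIN exchange obtains."""
    _authzid, user, password = base64.b64decode(wire).decode().split("\0")
    return user, password

def cram_md5_response(user, secret, challenge_b64):
    """CRAM-MD5 (RFC 2195): user name plus hex HMAC-MD5(secret, challenge)."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def cram_md5_verify(secret, challenge_b64, response_b64):
    """Server side: recomputing the HMAC requires the shared secret itself."""
    _user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    expected = hmac.new(secret.encode(), base64.b64decode(challenge_b64),
                        hashlib.md5).hexdigest()
    return hmac.compare_digest(digest, expected)

# Sample values from RFC 2195, section 2 (not from this thread).
USER, SECRET = "tim", "tanstaaftanstaaf"
CHALLENGE = base64.b64encode(
    b"<1896.697170952@postoffice.reston.mci.net>").decode()

if __name__ == "__main__":
    plain = plain_initial_response(USER, SECRET)
    print("PLAIN on the wire:   ", plain)
    print("  decodes back to:   ", recover_from_plain(plain))
    cram = cram_md5_response(USER, SECRET, CHALLENGE)
    print("CRAM-MD5 on the wire:", cram)
    print("  decodes back to:   ", base64.b64decode(cram).decode())
    print("  server verifies:   ", cram_md5_verify(SECRET, CHALLENGE, cram))
```

With PLAIN the password crosses the connection in a reversible encoding, but the server can check it against a one-way hash, which is what a PAM backend does. With CRAM-MD5 the password never crosses the connection, but the server has to hold the shared secret (or a key derived from it) to recompute the HMAC, which a backend that only checks a submitted password cannot provide.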