Re: [gentoo-user] OT - Dovecot and authentication
On Wed, 2006-07-19 at 10:53 -0700, kashani wrote: > Michael Sullivan wrote: > > I've got a problem; My Dovecot installation uses plain text > > authentication. I don't like the idea of unencrypted passwords being > > sent over the Internet, so I want to switch to a different > > authentication method. I'm mainly worried about my webmail client. I > > configured Apache last week for SSL access to the webmail client > > (Squirrelmail), but my Windows users have been saying that they haven't > > been able to access Squirrelmail since last week before I converted it > > to SSL. I tried it myself in Windows. Windows said it couldn't even > > find my domain. After I turned off the SSL, Windows found it. I need > > something else. The Dovecot wiki mentions several other authentication > > methods (cram-md5 looks promising), but it doesn't say how to set up a > > cram-md5 database. Can anyone direct me on how to do this? > > > > Do you have a real SSL cert and if so was it from a cheap provider? In > many case the SSL root cert for that provider is not within IE which can > break things. The fix is to add that particular SSL cert providers > intermediate.crt. It's probably somewhere on their site along with > directions on how to add it to Apache. > > kashani I'm using a self-signed certificate. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - Dovecot and authentication
Michael Sullivan wrote: I've got a problem; My Dovecot installation uses plain text authentication. I don't like the idea of unencrypted passwords being sent over the Internet, so I want to switch to a different authentication method. I'm mainly worried about my webmail client. I configured Apache last week for SSL access to the webmail client (Squirrelmail), but my Windows users have been saying that they haven't been able to access Squirrelmail since last week before I converted it to SSL. I tried it myself in Windows. Windows said it couldn't even find my domain. After I turned off the SSL, Windows found it. I need something else. The Dovecot wiki mentions several other authentication methods (cram-md5 looks promising), but it doesn't say how to set up a cram-md5 database. Can anyone direct me on how to do this? Do you have a real SSL cert and if so was it from a cheap provider? In many case the SSL root cert for that provider is not within IE which can break things. The fix is to add that particular SSL cert providers intermediate.crt. It's probably somewhere on their site along with directions on how to add it to Apache. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT - Dovecot and authentication
On Wed, 19 Jul 2006 10:49:44 -0500, Michael Sullivan wrote: > > You need to fix the SSL/Windows/SquirrelMail problem, otherwise your > > users will be sending plain text passwords across the Internet, no > > matter how SquirrelMail communicates with Dovecot. > > What problem? I could connect to Squirrelmail just fine from Seamonkey > in Linux. The problem is Windows. I don't do Windows. If you run a server that will be accessed from Windows, you are "doing" Windows and have to fix the problem. Otherwise, no matter how secure the communication between SquirrelMail and Dovecot, your users' passwords will be transmitted over the net in plain text. I've just tried to connect to SquirrelMail over HTTPS from a default XP+SP2 installation and it worked fine. Unless all your users have identically misconfigured/broken computers, the fault is likely to be in your Apache or SquirrelMail configuration. -- Neil Bothwick IRQs? We don't need no stinking IRQs! signature.asc Description: PGP signature
Re: [gentoo-user] OT - Dovecot and authentication
On Wed, 2006-07-19 at 16:07 +0100, Neil Bothwick wrote: > On Wed, 19 Jul 2006 09:52:40 -0500, Michael Sullivan wrote: > > > I've got a problem; My Dovecot installation uses plain text > > authentication. I don't like the idea of unencrypted passwords being > > sent over the Internet, so I want to switch to a different > > authentication method. I'm mainly worried about my webmail client. I > > configured Apache last week for SSL access to the webmail client > > (Squirrelmail), > > Are SquirrelMail and Dovecot running on the same box? If so, the > unencrypted passwords are only being used within that box, between > SquirrelMail and Dovecot. > > > but my Windows users have been saying that they haven't > > been able to access Squirrelmail since last week before I converted it > > to SSL. > > You need to fix the SSL/Windows/SquirrelMail problem, otherwise your > users will be sending plain text passwords across the Internet, no matter > how SquirrelMail communicates with Dovecot. What problem? I could connect to Squirrelmail just fine from Seamonkey in Linux. The problem is Windows. I don't do Windows. -- gentoo-user@gentoo.org mailing list