Jonathan Angliss wrote:
Is there a way to change the IMAP authentication to none?  I see that
it's an option for SMTP but not IMAP.


How would you propose you login to the IMAP server then? ;)  "login" is
the default and is what is used for plain text logins.


proxyauth maybe?


I just spent an hour googling for PROXYAUTH, didn't find too much, a few
bits on LDAP, and some on HTTP... Searched for IMAP PROXYAUTH, found some
stuff about iPlanet, Sun's mail services (a bit like Exchange from a quick
overview).

I wouldn't compare iPlanet to Exchange, except that Microsoft likes to advertise Exchange as an Enterprise Messaging server. Sun touts the largest enterprise install base (22%). I wouldn't credit their market share to good marketing, but rather their messaging software is rock solid and scales very well. However it does suffer from relatively poor documentation, and the fact that the name of the product changes every other year (PMDF, Netscape iPlanet, SunOne, and now, Java System Messaging Server) doesn't help google searches on the product.


http://www.sun.com/software/products/messaging_srvr/home_messaging.xml

> Further searching found a posting by Mark Crispin from January
> on the c-client mailing list saying PROXYAUTH was... erm... dead.

  http://article.gmane.org/gmane.mail.imap.uw.c-client/620

Could you provide more information, or an example?

iPlanet does support an IMAP command 'PROXYAUTH'. Here's how it works:

1 LOGIN adminuser adminpass
2 PROXYAUTH normaluser
... which gives you an authenticated session into the normal user's IMAP account. You can hand this session over to the user since the session can't go back to being logged in as the admin user.


The benefit to this is that you don't need to know the user's password to login as that user, which means that you don't need to store it in LDAP in plain text. The disadvantages are that PROXYAUTH is not widely supported (and probably deprecated as you suggest), and that you have to maintain the security of the "super-user" account(s).

I'm still researching the different types of authentication mechanisms for iPlanet's implementation of IMAP. Specifically, I'm trying to integrate various webmail solutions (iPlanet as well as squirrelmail) with pubcookie.

iPlanet supports CRAM-MD5, DIGEST-MD5 and APOP SASL, but they (or at least Sun's implementation of them) require that the users' passwords be stored in plain text in LDAP, which is unacceptable.

The only other option is to use certificate-based authentication. This would require that I would need to create my own certificate authority that would generate "junk" certificates on the fly so that squirrelmail could present them to the IMAP server during the TLS negotiation. I still need to work out the details of this implementation, but needless to say, it would be a lot of overhead. Furthermore, it took about 5 lines of new code in imap_general.php in order to implement proxyauth in squirrelmail :)

Sorry, I got way off topic.  My final point is in response to:

>How would you propose you login to the IMAP server then? ;)  "login" is
>the default and is what is used for plain text logins.

... there are other ways to login other than "login" ;)

// jesse
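
The LOGIN-then-PROXYAUTH exchange described in the message above, as an added Python example; it is not part of the original post and is not SquirrelMail's or Sun's code. The stream object, the function names and the allowed user-name character set are assumptions. The user name is validated before anything is sent, because it goes on the wire unquoted and would typically be supplied by an SSO layer such as pubcookie.

```python
import re

# Assumption: user names are limited to this set; adjust to your directory.
# No spaces, quotes, braces or CR/LF, so the value stays a single IMAP atom.
SAFE_USER = re.compile(r"[A-Za-z0-9._@-]{1,64}")

def quote(arg):
    """Return arg as an IMAP quoted string; CR, LF and NUL cannot be quoted."""
    if re.search(r"[\r\n\x00]", arg):
        raise ValueError("control character in IMAP argument")
    return '"' + arg.replace("\\", "\\\\").replace('"', '\\"') + '"'

def build_commands(admin, admin_pass, user):
    """Build the two tagged commands from the post: LOGIN, then PROXYAUTH."""
    if not SAFE_USER.fullmatch(user):  # fullmatch: a trailing "\n" must not pass
        raise ValueError("user name rejected")
    return [
        f"1 LOGIN {quote(admin)} {quote(admin_pass)}\r\n",
        f"2 PROXYAUTH {user}\r\n",
    ]

def proxyauth_login(stream, admin, admin_pass, user):
    """Run the exchange over stream (binary file-like: write/flush/readline).

    Returns True once the session is authenticated as `user`; raises if
    either command is not answered with a tagged OK.
    """
    commands = build_commands(admin, admin_pass, user)  # validate before I/O
    if not stream.readline().startswith(b"* OK"):       # server greeting
        raise ConnectionError("unexpected greeting")
    for number, command in enumerate(commands, start=1):
        stream.write(command.encode("utf-8"))
        stream.flush()
        tag = str(number).encode() + b" "
        while True:                                     # skip untagged lines
            line = stream.readline()
            if not line:
                raise ConnectionError("server closed the connection")
            if line.startswith(tag):
                break
        if not line.startswith(tag + b"OK"):
            # Report the command name only, never the credentials.
            raise PermissionError(command.split()[1] + " refused")
    return True
```

With a real server, the stream can be obtained from a TLS-wrapped socket via its makefile("rwb") method.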

