From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.54) id 1FCfPi-0001Kd-9I for garchives@archives.gentoo.org; Fri, 24 Feb 2006 16:03:26 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.5/8.13.5) with SMTP id k1OG2NF4010379; Fri, 24 Feb 2006 16:02:23 GMT Received: from bullet.espersunited.com (adsl-64-149-52-102.dsl.tul2ok.sbcglobal.net [64.149.52.102]) by robin.gentoo.org (8.13.5/8.13.5) with ESMTP id k1OFw3YN003499 for ; Fri, 24 Feb 2006 15:58:04 GMT Received: from camille.espersunited.com ([192.168.1.1]) by bullet.espersunited.com (8.13.4/8.13.4) with ESMTP id k1OFw3vb024555 for ; Fri, 24 Feb 2006 09:58:03 -0600 Subject: Re: [gentoo-user] OT - 2 Questions From: Michael Sullivan To: gentoo-user@lists.gentoo.org In-Reply-To: <200602232353.33538.bulliver@badcomputer.org> References: <1140723385.2914.5.camel@camille.espersunited.com> <200602232353.33538.bulliver@badcomputer.org> Content-Type: text/plain Date: Fri, 24 Feb 2006 09:58:56 -0600 Message-Id: <1140796737.10452.6.camel@camille.espersunited.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 X-Mailer: Evolution 2.4.2.1 Content-Transfer-Encoding: 7bit X-Archives-Salt: e1c59191-7442-46c0-b934-2d1ae0aa9146 X-Archives-Hash: fe1b069d7f179da39124122b9c5e7a29 On Thu, 2006-02-23 at 23:53 -0800, darren kirby wrote: > quoth the Michael Sullivan: > > I upgraded dovecot the other day to 1.0.beta3 and I was altering the > > configuration file trying to get it to work when I discovered something > > disturbing: our passwords were being trasmitted unencrypted across the > > Internet! > > Well, strait from the RFC we learn that POP3 protocol is plain text. > > Before settling on digest-md5 (or any other method) for authentication you may > want to check that the clients you will be using support it. This > documentation will get you up to speed on your options: > http://wiki.dovecot.org/Authentication > > -d Based on what I read at the link you sent me, I think what I want is the following: CRAM-MD5: Protects the password in transit against eavesdroppers. Somewhat good support in clients. The problem is that the web site doesn't tell me how to create a CRAM-MD5 password database... -- gentoo-user@gentoo.org mailing list