* [gentoo-user] OT - Dovecot and authentication
@ 2006-07-19 14:52 Michael Sullivan
[not found] ` <20060719160741.6c61864f@hactar.digimed.co.uk>
2006-07-19 17:53 ` kashani
0 siblings, 2 replies; 5+ messages in thread
From: Michael Sullivan @ 2006-07-19 14:52 UTC (permalink / raw
To: gentoo-user
I've got a problem; My Dovecot installation uses plain text
authentication. I don't like the idea of unencrypted passwords being
sent over the Internet, so I want to switch to a different
authentication method. I'm mainly worried about my webmail client. I
configured Apache last week for SSL access to the webmail client
(Squirrelmail), but my Windows users have been saying that they haven't
been able to access Squirrelmail since last week before I converted it
to SSL. I tried it myself in Windows. Windows said it couldn't even
find my domain. After I turned off the SSL, Windows found it. I need
something else. The Dovecot wiki mentions several other authentication
methods (cram-md5 looks promising), but it doesn't say how to set up a
cram-md5 database. Can anyone direct me on how to do this?
--
gentoo-user@gentoo.org mailing list
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-user] OT - Dovecot and authentication
[not found] ` <20060719160741.6c61864f@hactar.digimed.co.uk>
@ 2006-07-19 15:49 ` Michael Sullivan
2006-07-19 16:32 ` Neil Bothwick
0 siblings, 1 reply; 5+ messages in thread
From: Michael Sullivan @ 2006-07-19 15:49 UTC (permalink / raw
To: gentoo-user
On Wed, 2006-07-19 at 16:07 +0100, Neil Bothwick wrote:
> On Wed, 19 Jul 2006 09:52:40 -0500, Michael Sullivan wrote:
>
> > I've got a problem; My Dovecot installation uses plain text
> > authentication. I don't like the idea of unencrypted passwords being
> > sent over the Internet, so I want to switch to a different
> > authentication method. I'm mainly worried about my webmail client. I
> > configured Apache last week for SSL access to the webmail client
> > (Squirrelmail),
>
> Are SquirrelMail and Dovecot running on the same box? If so, the
> unencrypted passwords are only being used within that box, between
> SquirrelMail and Dovecot.
>
> > but my Windows users have been saying that they haven't
> > been able to access Squirrelmail since last week before I converted it
> > to SSL.
>
> You need to fix the SSL/Windows/SquirrelMail problem, otherwise your
> users will be sending plain text passwords across the Internet, no matter
> how SquirrelMail communicates with Dovecot.
What problem? I could connect to Squirrelmail just fine from Seamonkey in Linux. The problem is Windows. I don't do Windows.
--
gentoo-user@gentoo.org mailing list
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-user] OT - Dovecot and authentication
2006-07-19 15:49 ` Michael Sullivan
@ 2006-07-19 16:32 ` Neil Bothwick
0 siblings, 0 replies; 5+ messages in thread
From: Neil Bothwick @ 2006-07-19 16:32 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 996 bytes --]
On Wed, 19 Jul 2006 10:49:44 -0500, Michael Sullivan wrote:
> > You need to fix the SSL/Windows/SquirrelMail problem, otherwise your
> > users will be sending plain text passwords across the Internet, no
> > matter how SquirrelMail communicates with Dovecot.
>
> What problem? I could connect to Squirrelmail just fine from Seamonkey
> in Linux. The problem is Windows. I don't do Windows.
If you run a server that will be accessed from Windows, you are "doing"
Windows and have to fix the problem. Otherwise, no matter how secure the
communication between SquirrelMail and Dovecot, your users' passwords will
be transmitted over the net in plain text.
I've just tried to connect to SquirrelMail over HTTPS from a default
XP+SP2 installation and it worked fine. Unless all your users have
identically misconfigured/broken computers, the fault is likely to be in
your Apache or SquirrelMail configuration.
--
Neil Bothwick
IRQs? We don't need no stinking IRQs!
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-user] OT - Dovecot and authentication
2006-07-19 14:52 [gentoo-user] OT - Dovecot and authentication Michael Sullivan
[not found] ` <20060719160741.6c61864f@hactar.digimed.co.uk>
@ 2006-07-19 17:53 ` kashani
2006-07-19 18:37 ` Michael Sullivan
1 sibling, 1 reply; 5+ messages in thread
From: kashani @ 2006-07-19 17:53 UTC (permalink / raw
To: gentoo-user
Michael Sullivan wrote:
> I've got a problem; My Dovecot installation uses plain text
> authentication. I don't like the idea of unencrypted passwords being
> sent over the Internet, so I want to switch to a different
> authentication method. I'm mainly worried about my webmail client. I
> configured Apache last week for SSL access to the webmail client
> (Squirrelmail), but my Windows users have been saying that they haven't
> been able to access Squirrelmail since last week before I converted it
> to SSL. I tried it myself in Windows. Windows said it couldn't even
> find my domain. After I turned off the SSL, Windows found it. I need
> something else. The Dovecot wiki mentions several other authentication
> methods (cram-md5 looks promising), but it doesn't say how to set up a
> cram-md5 database. Can anyone direct me on how to do this?
>
Do you have a real SSL cert and if so was it from a cheap provider? In
many case the SSL root cert for that provider is not within IE which can
break things. The fix is to add that particular SSL cert providers
intermediate.crt. It's probably somewhere on their site along with
directions on how to add it to Apache.
kashani
--
gentoo-user@gentoo.org mailing list
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-user] OT - Dovecot and authentication
2006-07-19 17:53 ` kashani
@ 2006-07-19 18:37 ` Michael Sullivan
0 siblings, 0 replies; 5+ messages in thread
From: Michael Sullivan @ 2006-07-19 18:37 UTC (permalink / raw
To: gentoo-user
On Wed, 2006-07-19 at 10:53 -0700, kashani wrote:
> Michael Sullivan wrote:
> > I've got a problem; My Dovecot installation uses plain text
> > authentication. I don't like the idea of unencrypted passwords being
> > sent over the Internet, so I want to switch to a different
> > authentication method. I'm mainly worried about my webmail client. I
> > configured Apache last week for SSL access to the webmail client
> > (Squirrelmail), but my Windows users have been saying that they haven't
> > been able to access Squirrelmail since last week before I converted it
> > to SSL. I tried it myself in Windows. Windows said it couldn't even
> > find my domain. After I turned off the SSL, Windows found it. I need
> > something else. The Dovecot wiki mentions several other authentication
> > methods (cram-md5 looks promising), but it doesn't say how to set up a
> > cram-md5 database. Can anyone direct me on how to do this?
> >
>
> Do you have a real SSL cert and if so was it from a cheap provider? In
> many case the SSL root cert for that provider is not within IE which can
> break things. The fix is to add that particular SSL cert providers
> intermediate.crt. It's probably somewhere on their site along with
> directions on how to add it to Apache.
>
> kashani
I'm using a self-signed certificate.
--
gentoo-user@gentoo.org mailing list
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2006-07-19 18:44 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-07-19 14:52 [gentoo-user] OT - Dovecot and authentication Michael Sullivan
[not found] ` <20060719160741.6c61864f@hactar.digimed.co.uk>
2006-07-19 15:49 ` Michael Sullivan
2006-07-19 16:32 ` Neil Bothwick
2006-07-19 17:53 ` kashani
2006-07-19 18:37 ` Michael Sullivan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox