On Thu, 2006-02-23 at 23:53 -0800, darren kirby wrote: > quoth the Michael Sullivan: > > I upgraded dovecot the other day to 1.0.beta3 and I was altering the > > configuration file trying to get it to work when I discovered something > > disturbing: our passwords were being trasmitted unencrypted across the > > Internet! > > Well, strait from the RFC we learn that POP3 protocol is plain text. > > Before settling on digest-md5 (or any other method) for authentication you > may > want to check that the clients you will be using support it. This > documentation will get you up to speed on your options: > http://wiki.dovecot.org/Authentication > > -d Based on what I read at the link you sent me, I think what I want is the following:
CRAM-MD5: Protects the password in transit against eavesdroppers. Somewhat good support in clients. The problem is that the web site doesn't tell me how to create a CRAM-MD5 password database... -- gentoo-user@gentoo.org mailing list
