On Thu, Dec 09, 1999 at 08:43:18PM -0500, Jason Costomiris wrote:
> On Fri, Dec 10, 1999 at 09:30:28AM +1100, Dan Horth wrote:
> : I know that Eudora supports Kerberos and APOP authentication as well 
> : as cleartext passwords... I was just wondering if either of these 
> : options are more secure, and if so how would I go about setting up 
> : our server to use these.

> Kerberos can be a nightmare to set up.  Don't do it unless you're really 
> sure, and want all of that extra overhead.

        I'll agree with that...

> If you use APOP, you'll have to store the users' passwords in the clear on
> the server.  Authentication is accomplished by using an MD5 challenge
> and response, similar to CHAP authentication on a PPP link.

        I don't agree that you have to store the passwords on the server
in clear text.  I've got one server with APOP configured and it stores
hashes.  They are different hashes from the normal password hashes, so
you have to have a different database for APOP, but it's not storing clear
text passwords.  Administratively it really sucks to maintain the separate
password databases and changing passwords is a royal hassle.

> Want the best of all worlds?  IMAP tunnelled inside SSH, or using CRAM-MD5
> authentication.

        You can also go with imaps (SSL encrypted imap) or pop3s (SSL
encrypted pop3).  I'm not sure about Eudora, but Netscape (all platforms),
OutLook (LookOut?) and Exchange all support one or both.  On the Linux
end, Mutt has support for one of them and I did the SSL patches for Fetchmail
that are now in the main sources.

> Eudora Pro 4.x supports IMAP.

> -- 
>                  Jason Costomiris <><
>             Technologist, cryptogeek, human.
> jcostom {at} jasons {dot} org  |  http://www.jasons.org/

-- 
 Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
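
The MD5 challenge and response discussed in this thread, as an added example that is not part of either poster's message: the APOP digest as specified in RFC 1939 and the CRAM-MD5 digest as specified in RFC 2195, with the server-side check. The function names, the host name and the sample secret are illustrative assumptions.

```python
import hashlib
import hmac
import os
import time


def make_challenge(host="mail.example.org"):  # host name is a placeholder
    """Server: a msg-id style challenge that must be unique per connection."""
    return "<%d.%d.%s@%s>" % (os.getpid(), time.time_ns(), os.urandom(8).hex(), host)


def apop_digest(challenge, secret):
    """RFC 1939 APOP: hex MD5 of the banner timestamp followed by the shared secret."""
    return hashlib.md5((challenge + secret).encode()).hexdigest()


def cram_md5_digest(challenge, secret):
    """RFC 2195 CRAM-MD5: hex HMAC-MD5 of the challenge, keyed with the shared secret."""
    return hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()


def server_verify(digest_fn, challenge, secret, client_digest):
    """Server: recompute the digest for this connection's challenge, compare in constant time."""
    expected = digest_fn(challenge, secret)
    return hmac.compare_digest(expected.encode(), client_digest.lower().encode())


def demo():
    secret = "constructed-secret"            # constructed sample value
    first = make_challenge()                  # S: +OK POP3 server ready <...>
    response = apop_digest(first, secret)     # C: APOP user <response>
    accepted = server_verify(apop_digest, first, secret, response)
    # A captured response is bound to its challenge: replayed on a new
    # connection, it meets a different challenge and fails.
    replayed = server_verify(apop_digest, make_challenge(), secret, response)
    return accepted, replayed


if __name__ == "__main__":
    print(demo())
```

Both schemes protect only the login exchange; the messages that follow are protected only when the session itself runs inside SSL or SSH, as the thread suggests.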

