The mail clients are mozilla and thunderbird running under windows. The test instances connect just fine to port 993, when the "use secure connection (SSL)" option is checked. There is also an option on the clients to "Use secure authentication", which is unchecked. When I check this option and attempt to access the server I get the warning "You cannot log in to ------ because you have enabled secure authentication and this server does not support it."
Can someone please explain (or direct me to a reference, with pointers to specific passages, if possible)
1 - whether or not, with my current configuration, the password is passed over the network in cleartext?
Nothing on port 993 is sent in clear text. Everything is encrypted.
2 - how the unchecked option relates to configuration(s) on the imapd-ssl server?
Depending on the IMAP, the completely uninformative error message could either be referring to:
A) A proprietary Microsof authentication method
B) SASL CRAM-MD5 or CRAM-SHA1 authentication, which is supported in Courier, provided that the server is configured to use a cleartext password-based authentication database. See INSTALL.
Port 993 traffic is encrypted in either case; the benefits of CRAM authentication in that case are marginal.
pgp00000.pgp
Description: PGP signature
