Andreas Grabner wrote:
> Am Mittwoch, den 26.09.2007, 17:31 +0100 schrieb Lisa Muir:
>> On 9/26/07, Andreas Grabner <[EMAIL PROTECTED]> wrote:
>>>
>>> I have just figured out that only the first 8 characters of passwords
>>> are significant and the rest is irrelevant. Have i missed some
>>> configuration? I think this is a security issue.
>> In my experience, this would indicate that you're encrpting passwords
>> with the CRYPT function, try using SHA or MD5 instead to avoid the 8
>> character limitation, but bear in mind that you loose a certain amount
>> of system portability with your passwords which may or may not be an
>> issue.
> Thanks,
> i use
>
> IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN
>
> Doesn't this mean plain passwords in TLS connection? Should not have
> something to do with crypt. Right?
The passwords may be cleartext over the connection, but they're probably
stored in encrypted form in your MySQL database. Just make sure the
passwords are encrypted using something other than the {CRYPT} hash,
e.g. {SHA} or {MD5}.
> I have plain passwords in the database which AUTH mechanism should be
> preferred? Clients are Outlook [Express] and others?
IIRC, either PLAIN or LOGIN should work.
Cheers,
-- Johnny Lam
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
