On 28/Sep/11 14:06, Lucio Crusca wrote: > In data mercoledì 28 settembre 2011 12:55:47, Sam Varshavchik ha scritto: >> >> Yes, but that's a separate configuration issue. Whether you're going to >> allow non-encrypted IMAP, POP3, or HTTP connections is separate from >> whether or not passwords are kept encrypted or in plain text. > > I mean: ok I can't have hash-based auth, If I want to store encrypted > passwrods I'm forced to plain text. That has only one downside AFAIK, i.e. > the > password goes on air in plain text, but I can solve this problem by using > SSL/TLS.
No, avoiding plain text on the wire is the purpose of hash-based challenge/response methods. The difference is whether admins or intruders can know users' passwords. Even if admins are 100% trusted and the server is well firewalled, it is worth to advise users, so that they don't reuse Courier password for their bank accounts. > I imagine the equivalent of my current Postfix+MySQL setups, where you > can add an account by simply adding a row in the MySQL table (phpmyadmin), > then Postfix creates the base maildir for that account on the first message > received. Courier does not. You have to run maildirmake according to your design. For example maildirmake Maildir maildirmake -f Sent Maildir maildirmake -f Trash Maildir maildirmake -f Drafts Maildir printf './Maildir/.Sent\n' > .courier-sent chmod u=rw,go= .courier-sent Don't forget to send a welcome message to the new mailbox... -- ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
