On Wednesday 28 September 2011 17:35:18, Alessandro Vesely wrote:
> > I mean: ok I can't have hash-based auth, if I want to store encrypted
> > passwords I'm forced to plain text. That has only one downside AFAIK,
> > i.e. the password goes on air in plain text, but I can solve this
> > problem by using SSL/TLS.
>
> No, avoiding plain text on the wire is the purpose of hash-based
> challenge/response methods. The difference is whether admins or
> intruders can know users' passwords. Even if admins are 100% trusted
> and the server is well firewalled, it is worth advising users, so
> that they don't reuse Courier password for their bank accounts.

I don't quite get it, e.g. I don't understand what's wrong in my
reasoning. Why is SSL/TLS not a good choice to avoid plain text passwords
on the wire?

As for the advice to users, that would not be needed if I used encrypted
passwords + plaintext auth + SSL/TLS, right?

> Courier does not. You have to run maildirmake according to your
> design. For example
>
>    maildirmake Maildir
>    maildirmake -f Sent Maildir
>    maildirmake -f Trash Maildir
>    maildirmake -f Drafts Maildir
>    printf './Maildir/.Sent\n' > .courier-sent
>    chmod u=rw,go= .courier-sent

Thanks for the script.
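The trade-off discussed in this message, as an added example that is not part of the original post or of Courier's code. It assumes CRAM-MD5 (RFC 2195) as the hash-based challenge/response method and uses PBKDF2 as a stand-in for the "encrypted" (one-way hashed) password store; the user name, password and challenge are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed sample data (not from the thread).
USER = "alice"
PASSWORD = b"correct horse"
CHALLENGE = b"<1896.697170952@mail.example.org>"


def cram_md5_response(user, secret, challenge):
    """Client side of CRAM-MD5: only an HMAC of the challenge is sent."""
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return f"{user} {digest}"


def server_verify_cram(stored_secret, challenge, response):
    """The server recomputes the HMAC, so it must hold the secret itself."""
    _user, _, digest = response.partition(" ")
    expected = hmac.new(stored_secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def hash_password(password, salt=None):
    """One-way storage; PBKDF2 is an assumption standing in for crypt()."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)


def server_verify_plain(stored, password):
    """PLAIN/LOGIN inside TLS: the server receives the password and rehashes it."""
    salt, expected = stored
    candidate = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)
    return hmac.compare_digest(candidate, expected)


def demo():
    response = cram_md5_response(USER, PASSWORD, CHALLENGE)
    salt, stored_hash = hash_password(PASSWORD)
    return {
        # Works only because the server keeps a usable copy of the secret.
        "cram_with_cleartext_store": server_verify_cram(PASSWORD, CHALLENGE, response),
        # With only the one-way hash on disk, the HMAC key is wrong.
        "cram_with_hashed_store": server_verify_cram(stored_hash, CHALLENGE, response),
        # Hashed store plus password sent inside TLS verifies fine.
        "plain_with_hashed_store": server_verify_plain((salt, stored_hash), PASSWORD),
    }


if __name__ == "__main__":
    print(demo())
```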
