Passwords are not stored plaintext.
The authentication is plaintext.

To avoid people capturing your passwords, you will encrypt the session 
using SSL or TLS.

Makes sense?

Authorization by imapd will be using pamd.

Murat

Andreas Aardal Hanssen wrote:

>Where would you store the plain text passwords?
>
>Andy
>
>On Fri, 16 Aug 2002, Murat Bicer wrote:
>
>>You can use stunnel and keep using plain text passwords.
>>In which case you need to have an SSL certificate. Either you have to 
>>buy it or you take the risk of having a man in the middle attack.
>>
>>You can also use TLS, which will require a certificate as well.
>>
>>
>>Andreas Aardal Hanssen wrote:
>>
>>>Does anyone on this list have a safe way of providing kerberos
>>>authentication?
>>>
>>>I've thought of a couple of things:
>>>
>>>- storing passwords plain
>>>
>>>Obviously not a solution one would strive for, but there may be safe ways
>>>to do this - retrieving password through an encrypted channel, forced
>>>commands, etc etc
>>>
>>>- symmetric encryption, using private key owned by imap server / user
>>>
>>>Well, the obvious problem here is that the key can get compromised.
>>>
>>>Andy

