Sogo indeed supports tls (and ssl) login using plain auto. Martin
Von meinem iPhone gesendet Am 17.03.2011 um 17:55 schrieb Eric Shubert <e...@shubes.net>: > On 03/17/2011 09:44 AM, Bharath Chari wrote: >> On 03/17/2011 09:37 PM, Eric Shubert wrote: >>> On 03/17/2011 08:52 AM, Bharath Chari wrote: >>>> On 03/17/2011 07:42 PM, Carlos Herrera Polo wrote: >>>>> Sogo looks excelent.... I should install from RPM or sources ?? >>>>> We have to make a lot of changes ?? Or not ??... Qmailtoaster is a >>>>> great MTA... and groupware software is a plus >>>>> >>>>> 2011/3/17 Martin Waschbuesch <mar...@waschbuesch.de >>>>> <mailto:mar...@waschbuesch.de>> >>>>> >>>>> Hi guys, >>>>> >>>>> I have successfully installed sogo on my toaster, but there are >>>>> some issues I still need to work on: >>>>> >>>>> - Auth-backend is ldap and I failed terribly at any attempt to >>>>> have more than one mail domain reflected in the ldap tree >>>>> - i had to manually set up the ldap tree to reflect that one domain >>>>> >>>>> Luckily, it still solves my immediate problem as I had a >>>>> requirement to offer CalDAV & CardDAV support. Works like a charm! >>>>> >>>>> >>>> I don't even know what language(s) sogo's written in. I'm >>>>> guessing >>>>> >>>> the authentication part (at least) is c/c++, but it could be >>>>> >>>> something else. Would someone like to find out? >>>>> >>>> >>>>> >>> Should not be to difficult to do this, even a view might do >>>>> the trick.. >>>>> >>> Sogo is written in Objective-C btw.. >>>>> >>> >>>>> >>> Will do some tests soon.. >>>>> >>> >>>>> >>> JP >>>>> >>> >>>>> >> My thought (after my earlier post), was to rig up a view in >>>>> MySQL with >>>>> >> appropriate field names, so as not to mess around with sogo >>>>> code. Should >>>>> >> be doable in a single domain situation. Will run tests after I >>>>> get sogo >>>>> >> set up, and post results. >>>>> >> >>>>> >> Bharath >>>>> >> >>>>> >>>> I had a doubt that Sogo may not support md5crypt, which is how the >>>> passwords are stored in the vpopmail database. It looks like that is the >>>> case. >>>> >>>> See this link: >>>> >>>> http://mail.opengroupware.org/pipermail/sogo/2010-February/005083.html >>>> >>>> I haven't found any later references that say that sogo supports >>>> md5crypt, so it looks like the sogo code WILL have to be patched for >>>> authentication against the vpopmail mysql database. Please note that the >>>> patch in the link may be against an earlier release. >>>> >>>> Bharath >>> >>> Does sogo support plain login with TLS/SSL? If so, that should work. >>> >>> While patching sogo is probably more attractive than patching >>> vpopmail, perhaps we should make a request to have vpopmail support >>> whatever it is that sogo is using. (I'm guessing digest-md5). >>> >> An _ugly_ workaround would be to use stunnel. Doesn't make too much >> sense on localhost though, does it? So, cleartext from a trusted >> (localhost) connection may be the simplest way to achieve this. Initial >> thoughts only, so don't hold it against me :) >> >> Bharath >> >> --------------------------------------------------------------------------------- > > I don't have a problem using plain login w/ TLS. In fact, I would use TLS > with localhost as well (just so I know it works because I'd likely move it to > a separate host at some point). > > As long as TLS (or SSL, but I prefer TLS) is used, plain logins are ok, as > passwords are not sent in clear text over the wire this way. > > The only problem I see with plain logins is that passwords are stored in > clear text. I don't necessarily recommend this, and it can be a problem in > some situations. Changing this policy though is a bigger change, and should > be addressed on its own. Personally, I wouldn't mind seeing QMT move in this > direction (eliminating the storing of passwords in clear text). We need to be > sure though that in so doing that all of the other bases (encrypted password > types) are covered. > > -- > -Eric 'shubes' > > > --------------------------------------------------------------------------------- > Qmailtoaster is sponsored by Vickers Consulting Group > (www.vickersconsulting.com) > Vickers Consulting Group offers Qmailtoaster support and installations. > If you need professional help with your setup, contact them today! > --------------------------------------------------------------------------------- > Please visit qmailtoaster.com for the latest news, updates, and packages. > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > > --------------------------------------------------------------------------------- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! --------------------------------------------------------------------------------- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com