On Wednesday 15 December 2004 12:24 am, Eduardo M. Bragatto wrote:
> Charles Sprickman wrote:
> >>     So I have to choose: using a cryptography authentication method
> >> that's not safe or having the password being save as plain (wich is
> >> not safe either)?
> >
> > No...
>       You did not pointed how to do what I'm asking: is it possible to use
> CRAM-MD5 without clear passwords?

cram-md5 requires the clear text password on both ends, however, the 
transmission of the password is secure.

> > There's a simple workaround; use standard auth and in your setup guides
> > show your users how to click the "Use SSL/TLS" option in their mail
> > program.  Then your login (and the contents of the message they are
> > sending/receiving) is encrypted, and you can use an auth mechanism that
> > does not require clear-text passwords.
>       It's not a workaround for me. I do not use TLS patch and I don't really
> want to encrypt messages. I just want to be sure that my users' password
> will not be acessible for anyone but themselves.

setting up SSL is very easy to do.  

it's about 3 changes to your run script, and generating your SSL certificates, 
which takes about 5-10 minutes to do.


Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
  [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l
      kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail
         GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED]

Attachment: pgpz6Cd4JEM1M.pgp
Description: PGP signature

Reply via email to