On Wednesday 15 December 2004 12:24 am, Eduardo M. Bragatto wrote: > Charles Sprickman wrote: > >> So I have to choose: using a cryptography authentication method > >> that's not safe or having the password being save as plain (wich is > >> not safe either)? > > > > No... > > You did not pointed how to do what I'm asking: is it possible to use > CRAM-MD5 without clear passwords?
cram-md5 requires the clear text password on both ends, however, the transmission of the password is secure. > > There's a simple workaround; use standard auth and in your setup guides > > show your users how to click the "Use SSL/TLS" option in their mail > > program. Then your login (and the contents of the message they are > > sending/receiving) is encrypted, and you can use an auth mechanism that > > does not require clear-text passwords. > > It's not a workaround for me. I do not use TLS patch and I don't really > want to encrypt messages. I just want to be sure that my users' password > will not be acessible for anyone but themselves. setting up SSL is very easy to do. http://superscript.com/ucspi-ssl/intro.html it's about 3 changes to your run script, and generating your SSL certificates, which takes about 5-10 minutes to do. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED]
Description: PGP signature