I have enabled SSL support for my dovecot installation but if I enable secure authentication in my MUA, I get an error from dovecot telling me that this is not supported.. Is this because dovecot does not support this or am I missing some config? Regards, BTJ -- ----------------------------------------------------------------------------------------------- Bj?rn T Johansen btj at havleik.no ----------------------------------------------------------------------------------------------- Someone wrote: "I understand that if you play a Windows CD backwards you hear strange Satanic messages" To which someone replied: "It's even worse than that; play it forwards and it installs Windows" -----------------------------------------------------------------------------------------------
Show output from: dovecot -n On 11.11.2007 3:13, Bj?rn T Johansen wrote:> I have enabled SSL support for my dovecot installation but if I enable secure authentication in my MUA, I get an > error from dovecot telling me that this is not supported.. > > Is this because dovecot does not support this or am I missing some config? > > > Regards, > > BTJ > >
On 2007-11-11 01:13, Bj?rn T Johansen wrote:> I have enabled SSL support for my dovecot installation but if I enable secure authentication in my MUA, I get an > error from dovecot telling me that this is not supported.. > > Is this because dovecot does not support this or am I missing some config?Might be. But note that with "secure authentication" it might mean CRAM-MD5, DIGEST-MD5, Kerberos a.s.o. that are no simple plain text or just Base64 coding mechanisms. SSL on the other hand is a way to make a secure *connection*. So make sure some of the above mechanisms are enabled in your dovecot installation as well. J?rgen ---AV & Spam Filtering by M+Guardian - Risk Free Email (TM)---
On 11.11.2007 14:18, J?rgen Herz wrote:> On 2007-11-11 01:13, Bj?rn T Johansen wrote: > >> I have enabled SSL support for my dovecot installation but if I enable secure authentication in my MUA, I get an >> error from dovecot telling me that this is not supported.. >> >> Is this because dovecot does not support this or am I missing some config? >> > > Might be. But note that with "secure authentication" it might mean > CRAM-MD5, DIGEST-MD5, Kerberos a.s.o. that are no simple plain text or > just Base64 coding mechanisms. SSL on the other hand is a way to make a > secure *connection*. > So make sure some of the above mechanisms are enabled in your dovecot > installation as well. > > J?rgen > > ---AV & Spam Filtering by M+Guardian - Risk Free Email (TM)--- > >Agree, its probably it is this because secure authentication means secure password not secure connection.
Bj?rn T Johansen wrote:> I have enabled SSL support for my dovecot installation but if I enable secure authentication in my MUA, I get an > error from dovecot telling me that this is not supported.. > > Is this because dovecot does not support this or am I missing some config? >SSL and secure passwords are different things - if you've enabled SSL on the client, secure passwords are redundant really - the whole connection is encrypted. Secure password authentication is only supported by dovecot when your backend password store is in unencrypted plain text - the client hashes the password, which is compared to a hash generated by the server. If memory serves, SPA is based on NTLM, hence the requirement for plaintext in the backend for generation of the hash, though I suppose if you were storing NTLM hashes it could be made to work. Personally, I prefer to have the passwords securely encrypted in the backend though, and so rely on SSL for securing the connection, disregarding SPA entirely.
On Sun 11 Nov 2007, J?rgen Herz wrote:> On 2007-11-11 01:13, Bj?rn T Johansen wrote: > > I have enabled SSL support for my dovecot installation but if I enable > > secure authentication in my MUA, I get an error from dovecot telling me > > that this is not supported.. > > > > Is this because dovecot does not support this or am I missing some > > config? > > Might be. But note that with "secure authentication" it might mean > CRAM-MD5, DIGEST-MD5, Kerberos a.s.o. that are no simple plain text or > just Base64 coding mechanisms. SSL on the other hand is a way to make a > secure *connection*. > So make sure some of the above mechanisms are enabled in your dovecot > installation as well.Apologies for a very ignorant question, but I am puzzled by authentication generally in Linux. Eg does one have to choose between CRAM-MDS, etc. Could I just ignore them all if I use SSL? Is there a clear and simple document on authentication in Linux?