From: Guillaume Rousse (rousse at ccr dot jussieu dot fr)
Date: Tue Jun 15 2004 - 17:36:13 EDT
I'm setting up a server with both imap and stmp auth. Autentication
through digest or cram-md5 are far more secure than plain and login
methods, cause the passwd is never sent on the network. However, they
are far more difficult to set up, as they need the server to have a
password stored in clear form, usually leading to a second password for
each user beyond the one for shell account.
May I assume I could get the same level of security using plain or login
methods on crypted communication layers, meaning imaps and stmps only?
However, whereas ensuring imaps only is easy (just shut down imap
server), how could I allow smtp auth over smpts? I can't shut down smtp
server, otherwise incoming message wouldn't get by.
-- The higher the "higher-ups" are who have come to see your demo, the lower your chances are of giving a successful one -- Fundamental Law of Thermodynamics n°4