Re: Pop or Imap?
On Fri, Dec 07, 2001 at 12:07:34PM +0100, Russell Coker wrote:
> On Fri, 7 Dec 2001 08:13, Tim Uckun wrote:
> > I am concerned about pop passwords being transmitted plaintext. Does
> > imap encrypt passwords? if not does any protocol exists which does.
>
> Both POP and IMAP have extensions to allow minimal security for the
> password (but still allow plain-text transfer of the messages).
>
> Also both POP and IMAP have TLS extensions that allow a client to
> request SSL mode after connecting, and there are separate ports
> defined for POP and IMAP servers that only do SSL.
>
> The courier-pop-ssl and courier-imap-ssl packages do this well.
alternatively, if you don't want to use courier, the stunnel package can
be used to wrap any pop and/or imap daemon for SSL encryption.
e.g.
stunnel -d 993 -l /usr/sbin/imapd imapd
stunnel -d 995 -l /usr/sbin/ipop3d ipop3d
several POP/IMAP clients have ssl support. including, i believe,
outlook, eudora, and netscape.
btw, stunnel has tcpwrappers support built-in, so you don't need to use
tcpd with it.
craig
--
craig sanders <cas@taz.net.au>
Fabricati Diem, PVNC.
-- motto of the Ankh-Morpork City Watch
Reply to: