[NCLUG] Stamping out clear-text passwords (was Re: webhosting question)
milli at acmeps.com
Thu Oct 17 15:12:57 MDT 2002
John L. Bass wrote:
> I forgot to say this is very easy on later RedHat systems:
> [root at mybox root]# chkconfig imaps on
> [root at mybox root]# chkconfig pop3s on
Really... so, are self-signed certs generated behind the scenes? Are you
informed at all of what type of public/private key pair is generated (RSA,
DSA) and of the strength (i.e, key length)?
Outlook/OE can also do password checking "securely", basically using MD5 (or
is it CRAM) to verify. That at least doesn't send the password in the
clear, but the mail traversing the connection will be in the clear.
FWIW, I personally use the IMAP-over-SSL solution. Tunneling over SSH is
rather messy by comparison.
Michael Milligan -- Free Agent -- milli at acmeps.com
More information about the NCLUG