[NCLUG] Stamping out clear-text passwords (was Re: webhosting question)

[Michael Milligan]

John L. Bass wrote:
> I forgot to say this is very easy on later RedHat systems:
> 
> 	[root at mybox root]# chkconfig imaps on
> 	[root at mybox root]# chkconfig pop3s on

Really... so, are self-signed certs generated behind the scenes?  Are you 
informed at all of what type of public/private key pair is generated (RSA, 
DSA) and of the strength (i.e, key length)?

Outlook/OE can also do password checking "securely", basically using MD5 (or 
is it CRAM) to verify.  That at least doesn't send the password in the 
clear, but the mail traversing the connection will be in the clear.

FWIW, I personally use the IMAP-over-SSL solution.  Tunneling over SSH is 
rather messy by comparison.

Regards,
Mike

-- 
Michael Milligan  --  Free Agent  --  milli at acmeps.com