Thank you for your answer. What do you mean by "you may as well use 2"? You mean both authentication options? I thought we have to decide in dovecot.conf to use one option or another one... I do force the use of my webserver (lighttpd) through https. My question was the best option between plain/PAM and cram-md5 authentications "locally".
> On 02/05/2007 12:13, Eric wrote:
>> Dear Dovecot experts,
>> I have a small home server debian based, with postfix/dovecot/squirrelmail
>> installed locally and working. Dovecot is used non-secured (no imaps) but
>> only on the 192.168.0.100 address (address of the server on the local
>> network). I want to use squirrelmail to read my email from outside.
>> Squirrelmail can be configured to access it in particular, either through
>> cram-md5 or login auths.
>> In that situation, is it better (I mean more secure) to use: 1) auth
>> mechanism = cram-md5 or 2) auth mechanism = plain (using PAM authentication
>> for dovecot)? That will determine my dovecot configuration.
>
> What Squirrelmail can do doesn't matter, you need to get your web server
> using SSL, so your password is encrypted going over the 'net to get to
> your home server. Then you may as well use 2.
>
> Cheers,
>
> John.