-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 JOYDEEP schrieb: > Goetz Babin-Ebell wrote: >> The problem is that cram-md5 and digest-md5 need direct access to the >> pass phrase in plain text. >> AFAIK LDAP doesn't support this. >> You have to use TLS if you want to transmit the pass phrase securely... > > I am already running SSL aka imaps. but still was interested about > cram-md5 and digest-md5 for secured authorization. Why ? If all passphrases for your IMAP connections are transmitted over TLS, there is no need for cram-md5 or digest md5. If the atacker can read the TLS encrypted connection, you have lost anyway... cram-md5 and digest-md5 require the pass phrase stored unencrypted. This opens another can of worms... (And AFAIK LDAP doesnt support them...) Bye Goetz - -- DMCA: The greed of the few outweights the freedom of the many -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGKGr62iGqZUF3qPYRAnX+AJ9KcdKf67B4I/7/B5cvyRZAA7iZqACeKWh/ 5O1TTXvldtdpi4tsjmFBQGo= =zEeK -----END PGP SIGNATURE----- ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
