"SfR Fresh" - the SfR Freeware/Shareware Archive

Member "dovecot-1.0.15/doc/wiki/Authentication.Mechanisms.txt" of archive dovecot-1.0.15.tar.gz:


Authentication Mechanisms
=========================

Plaintext authentication
========================

The simplest authentication mechanism is PLAIN. The client simply sends the password unencrypted to Dovecot. All clients support the PLAIN mechanism, but anyone listening on the network can steal the password. For that reason (and some others), other mechanisms were implemented.

Today, however, many people use SSL/TLS, and there's no problem with sending an unencrypted password inside an SSL-secured connection. So if you're using SSL, you probably don't need to worry about anything other than the PLAIN mechanism.

Another plaintext mechanism is LOGIN. It's typically used only by SMTP servers to let Outlook clients perform SMTP authentication.

Non-plaintext authentication
============================

Non-plaintext mechanisms have one major disadvantage: the server must store the password either in plaintext or using a special scheme. This makes it impossible to use them with commonly used DES or MD5 crypted passwords. Also, the special password schemes are all incompatible with other non-plaintext mechanisms.

Dovecot supports the following non-plaintext mechanisms:

 * CRAM-MD5: Protects the password in transit against eavesdroppers. Somewhat good support in clients.
 * DIGEST-MD5: Somewhat stronger cryptographically than CRAM-MD5, but clients rarely support it.
 * APOP: This is a POP3-specific authentication mechanism. Similar to CRAM-MD5, but requires storing the password in plaintext.
 * NTLM: Mechanism created by Microsoft and supported by their clients.
    * Optionally supported using Samba's winbind.
 * GSS-SPNEGO: Similar to NTLM.
 * GSSAPI: Kerberos v5 support.
 * RPA: CompuServe RPA authentication mechanism. Similar to DIGEST-MD5, but client support is rare.
 * ANONYMOUS: Support for logging in anonymously. This may be useful if you intend to provide a publicly accessible IMAP archive.
 * OTP and SKEY: One-time password mechanisms. Supported only by Dovecot v1.1 and later.
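
Added example (not part of the Dovecot documentation): a Python model of what PLAIN and CRAM-MD5 put on the wire, and of what the server must have stored to verify each. The user, password and challenge are the sample values from RFC 2195; the function names are hypothetical, and a bare MD5 digest stands in for a one-way crypted password entry (Dovecot's special schemes are not modelled).

```python
import base64
import hashlib
import hmac

def plain_wire(user, password):
    """SASL PLAIN (RFC 4616): authzid NUL authcid NUL password, base64-encoded."""
    return base64.b64encode(f"\0{user}\0{password}".encode())

def verify_plain(wire, stored_hash):
    """The server receives the password itself, so it can re-hash and compare."""
    _authzid, _user, password = base64.b64decode(wire).split(b"\0")
    return hmac.compare_digest(hashlib.md5(password).hexdigest(), stored_hash)

def cram_md5_wire(user, secret, challenge):
    """CRAM-MD5 (RFC 2195): 'user hex(HMAC-MD5(secret, challenge))', base64-encoded."""
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())

def verify_cram_md5(wire, challenge, stored_secret):
    """The server recomputes the HMAC, so it needs the secret, not a hash of it."""
    _user, digest = base64.b64decode(wire).decode().rsplit(" ", 1)
    expected = hmac.new(stored_secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

# Sample values taken from the RFC 2195 example exchange.
USER, PASSWORD = "tim", "tanstaaftanstaaf"
CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
# Assumption: plain MD5 as a stand-in for a one-way crypted password entry.
STORED_HASH = hashlib.md5(PASSWORD.encode()).hexdigest()

def demo():
    plain = plain_wire(USER, PASSWORD)
    cram = cram_md5_wire(USER, PASSWORD.encode(), CHALLENGE)
    pw = PASSWORD.encode()
    return {
        # PLAIN carries the password verbatim; CRAM-MD5 carries only a digest.
        "plain_exposes_password": pw in base64.b64decode(plain),
        "cram_exposes_password": pw in base64.b64decode(cram),
        # A hashed password database is enough for PLAIN ...
        "plain_ok_with_hash": verify_plain(plain, STORED_HASH),
        # ... but not for CRAM-MD5, which needs the original secret.
        "cram_ok_with_hash": verify_cram_md5(cram, CHALLENGE, STORED_HASH.encode()),
        "cram_ok_with_plaintext": verify_cram_md5(cram, CHALLENGE, pw),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```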

Configuration
=============

By default, only the PLAIN mechanism is enabled. You can change this by modifying 'dovecot.conf':

---%<-------------------------------------------------------------------------
auth default {
  mechanisms = plain login cram-md5
  # ..
}
---%<-------------------------------------------------------------------------

(This file was created from the wiki on 2007-12-11 04:42)