Use secure authentication checkbox - Mozilla

This is a discussion on Use secure authentication checkbox - Mozilla ; I am writing documentation on setting up Thunderbird for use with our SSL connections. I am curious what the function of the check box "Use secure authentication" is for. I notice that I can connect to our servers with the ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Use secure authentication checkbox

  1. Use secure authentication checkbox

    I am writing documentation on setting up Thunderbird for use with our
    SSL connections. I am curious what the function of the check box "Use
    secure authentication" is for. I notice that I can connect to our
    servers with the check box either on or off. Does the user need to check
    this box if they are using SSL and what are the implications if they do not.

    Any insight into this would be greatly appreciated,

  2. Re: Use secure authentication checkbox

    Christopher Johnson wrote:
    > I am writing documentation on setting up Thunderbird for use with our
    > SSL connections. I am curious what the function of the check box "Use
    > secure authentication" is for. I notice that I can connect to our
    > servers with the check box either on or off. Does the user need to check
    > this box if they are using SSL and what are the implications if they do
    > not.
    >
    > Any insight into this would be greatly appreciated,



    Does your connection require authentication every time the user signs on
    or not?

    If it does, then have the box checked
    If it doesnt, then leave the box unchecked

  3. Re: Use secure authentication checkbox

    Moz Champion (Dan) wrote:
    > Christopher Johnson wrote:
    >> I am writing documentation on setting up Thunderbird for use with our
    >> SSL connections. I am curious what the function of the check box "Use
    >> secure authentication" is for. I notice that I can connect to our
    >> servers with the check box either on or off. Does the user need to check
    >> this box if they are using SSL and what are the implications if they do
    >> not.
    >>
    >> Any insight into this would be greatly appreciated,

    >
    >
    > Does your connection require authentication every time the user signs on
    > or not?
    >
    > If it does, then have the box checked
    > If it doesnt, then leave the box unchecked


    Umm, no, Dan. Incorrect.

    You are referring to Use Name & Password under the Outgoing Server
    (SMTP)Settings. Not all SMTP servers require authentication to send
    mail. My ISP does not, GMail does. Interestingly enough, there does
    not seem to be an option for secure authentication for the SMTP server,
    your only options for TLS or SSL.

    POP or IMAP servers, at least as far as I have ever seen, always require
    authentication. It would be stupid not to. Anyone could read your mail
    if they didn't.

    The setting he is referring to is , Server Settings, Use
    Secure Authentication. It enables/disables *secure* authentication.

    http://www.mozilla.org/status/2003-06-06.html
    Secure Mail Server Authentication

    "Because some mail servers claim to support secure authentication (e.g.
    CRAM-MD5) when they really don't, there is now a checkbox to
    enable/disable it (disabled by default) (bug 205571)."

    Christopher,

    If you are able to connect to the server with it on, then the server
    does support secure authentication. According to the bug discussion, if
    the server did not support secure authentication, then the login would
    fail and you would not connect. Once you enable secure authentication,
    it disables plain-text authentication for that account.
    http://bugzilla.mozilla.org/show_bug.cgi?id=205571

    Since you say you are using SSL, it shouldn't be necessary to use secure
    authentication, as the connection would be encrypted anyway.

    The purpose of secure authentication would be to encrypt the
    user/password on a non-secure connection, to prevent sending your
    user/password in the clear. In your case, it would be overkill.
    Obviously, no harm will come from using it as long as the server
    supports it, as you have seen.

    Hope that helps.

    --
    Alex

+ Reply to Thread