What is "Secure Authentication" during an IMAP session? - Security


Thread: What is "Secure Authentication" during an IMAP session?

  1. What is "Secure Authentication" during an IMAP session?


    Scenario:
    Dovecot IMAP server on Linux
    Thunderbird on Windows

    Thunderbird has a "Secure Authentication" (SA) option for incoming
    e-mail:

    http://patriot.net/~ramon/misc/SecureAuthentication.png

    I would like to provide that option from the server side. If I click
    on said option the client says that the server does not provide SA. I
    captured some Ethernet packets during the failed transaction, but
    cannot interpret the results.

    My fundamental problem is that I am not sure what they mean by SA.

    What exactly does Thunderbird mean by "Secure Authentication"?

    I do have a few guesses.

    In this context, "Secure Authentication" means that:

    (1) The SASL daemon is used? (currently dovecot goes directly to PAM)
    (2) dovecot accepts and inspects a cert provided by the IMAP client?
    (3) dovecot requires a cert provided by the IMAP client?
    (4) a combination of the above?

    TIA for your insight,

    -Ramon


  2. Re: What is "Secure Authentication" during an IMAP session?

    Ramon F Herrera wrote:
    >
    >Thunderbird has a "Secure Authentication" (SA) option for incoming
    >e-mail: http://patriot.net/~ramon/misc/SecureAuthentication.png


    This is for Microsoft Secure Password Authentication.

    >In this context, "Secure Authentication" means that:
    > (1) The SASL daemon is used? (currently dovecot goes directly to PAM)


    Yes, you will need SASL support.

    Tony.
    --
    f.a.n.finch http://dotat.at/
    VIKING NORTH UTSIRE: NORTH BACKING NORTHWEST 4 OR 5, OCCASIONALLY 6 LATER.
    MODERATE, OCCASIONALLY ROUGH LATER. SHOWERS. GOOD.

  3. Re: What is "Secure Authentication" during an IMAP session?

    Ramon F Herrera writes:
    >Scenario:
    >Dovecot IMAP server on Linux
    >Thunderbird on Windows


    >Thunderbird has a "Secure Authentication" (SA) option for incoming
    >e-mail:


    Use secure authentication..
    .... Thunderbird supports GSSAPI, Kerberos, CRAM_MD5, DIGEST-MD5, NTLM,
    and APOP. NTLM is also called Secure Password Authentication (SPA) or
    Windows Integrated Login ..

    So, in addition to doing SSL/TLS, it'll either try via Kerberos or one
    of the other methods above.

    Dovecot looks like it supports many of them, but they all require
    different setup on the server end to support them.

    With universal SSL/TLS support, it's probably a moot point for many of
    them, as they are all designed to protect plain text passwords from
    flying over the network in one way or the other, with varying setup
    needed on the server, but SSL/TLS makes it work pretty transparently
    without any special setup other than having a certificate of some
    kind. It doesn't get you any "extra" protection to do both.
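
For reading the packet capture mentioned in the first post, an added example (not part of the thread and not Dovecot or Thunderbird code): it parses the server's IMAP CAPABILITY line to show which SASL mechanisms are advertised, and computes a CRAM-MD5 reply to show that the password itself is not sent. The two server lines are constructed samples; the mechanism set is the one listed in the third post.

```python
import base64
import hashlib
import hmac

# Mechanisms the third post lists for Thunderbird's option, minus APOP,
# which is POP3-only and never appears in an IMAP CAPABILITY line.
NON_PLAINTEXT = {"GSSAPI", "CRAM-MD5", "DIGEST-MD5", "NTLM"}


def parse_capability(line):
    """Split an IMAP CAPABILITY line into SASL mechanisms and other atoms."""
    start = line.upper().find("CAPABILITY")
    if start < 0:
        raise ValueError("not a CAPABILITY response")
    # Handles both "* CAPABILITY ..." and the "[CAPABILITY ...]" greeting code.
    atoms = line[start + len("CAPABILITY"):].split("]")[0].split()
    mechs = {a[5:].upper() for a in atoms if a.upper().startswith("AUTH=")}
    others = {a.upper() for a in atoms if not a.upper().startswith("AUTH=")}
    return mechs, others


def assess(line):
    """Summarise what a client looking for a non-plaintext mechanism sees."""
    mechs, others = parse_capability(line)
    return {
        "offered": sorted(mechs),
        "non_plaintext": sorted(mechs & NON_PLAINTEXT),
        "starttls": "STARTTLS" in others,
        "plaintext_login_disabled": "LOGINDISABLED" in others,
    }


def cram_md5_response(user, password, challenge_b64):
    """CRAM-MD5 reply: base64("user " + hex(HMAC-MD5(password, challenge)))."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


# Constructed sample lines, as they would appear in a capture before TLS.
PAM_ONLY = "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] Dovecot ready."
WITH_CRAM = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=CRAM-MD5"

if __name__ == "__main__":
    for sample in (PAM_ONLY, WITH_CRAM):
        print(assess(sample))
```

An empty `non_plaintext` list, as for the first sample, is the situation in which the client reports that the server does not provide secure authentication.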


