Hi Gurus,
May thanks to
Dirk Hufnagel
Erik Persson
Roy Smith
Keith Piepho
Robin Kundert
Steve VanDevende
Michael H. Martel
Richard Stevenson
Simon Greaves
who took their time to answer my questions with respect to imap. I summarize
below their replies:
> I have some doubts regarding imap and would like to be clarified:
>
> 1) Is imap a safe substitute for pop3 in the sense that it circulates only
> encrypted passwords?
By default imap is equivalent to pop, i. e., it does not come with any
encryption resource, although "... some recent IMAP implementations may have
support for some secure authentication methods (eg CRAM-MD5, kerberos etc)".
A possibility to avoid passwords is to install the rimap option in WU IMAP
but this requires rsh be running, what is not safe. Another possibility is
to "tunnel" imap with ssl (www.openssl.org and
http://mike.daewoo.com.pl/computer/stunnel/). On the client (pcs in our case)
side Netscape and Outlook Express can work with imap protocol. Dirk followed
the recipe found in www.dtcc.edu/cs/admin/notes/ssl to combine ssl with imap.
It worked for him. Another pointer was given by Erik that works for Solaris
(and could also for DU):
http://fy.chalmers.se/~appro/ssl_inetd.html. However he stresses that the
combination imap+ssl represents a considerable load to cpu. Those who like
italian spices could take a look into
http://security.fi.infn.it/tools/stunnel
for a recipe of imap (and pop) with ssl.
> 2) Why in the installation of imap is it necessary to install also pop2
> and pop3 services? I thought I could disable pop completely so that to
> prevent the security hole represented by ascii passwords.
Although wu imap README file suggests pop2 and pop3 to be installed this
has nothing to do with imap and is not necessary.
> 3) What is the right option to run make for DU/OSF1 3.2 under C2 in order
> to build imap? (I am not sure between "osf" - OSF/1, and "sos" -
> OSF/1 with SecureWare).
Got one vote for "osf" and one for "sos"; probably both options work.
Regards,
Oyanarte Portilho
Institute of Physics
University of Brasilia, Brazil
Received on Mon Jul 19 1999 - 19:59:57 NZST