| Author |
|
rq3wa53a7d182e0
Newbie
Joined: 10 September 2015
Location: France
Online Status: Offline
Posts: 3
|
| Posted: 10 September 2015 at 6:23am | IP Logged
|
|
|
Hello,
I used to run a Roundcube installation, connecting to IMAPS locally with a dovecot server supporting :
auth_mechanisms = scram-sha-1 digest-md5 cram-md5
Now I've got a fresh installation of Webmail Lite running fine.
But I had to change my dovecot settings to allow PLAIN authentication, otherwise Webmail Lite wouldn't connect to it, with dovecot complaining it doesn't support PLAIN authentication.
Looking at the source code of Webmail Lite I saw some "// todo" comments near the auth mechanism section of the code. I didn't dig more, but are SCRAM-SHA-1, DIGEST-MD5 or CRAM-MD5 supposed to be supported by Webmail Lite ? It bothers me to lower the security level.
Is it supported in the Pro version ?
Thanks.
|
| Back to Top |
|
| |
Igor
AfterLogic Support
Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6104
|
| Posted: 10 September 2015 at 6:53am | IP Logged
|
|
|
PHP version of AfterLogic WebMail uses AUTH LOGIN method by default, and it's also able to use AUTH PLAIN unless that option is disabled in data/settings/config.php file:
Code:
| 'login.enable-plain-auth' => 'false', |
|
|
More secure methods are not currently supported, be it Lite or Pro. However, if you access IMAP server over SSL, that shouldn't be a problem.
--
Regards,
Igor, AfterLogic Support
|
| Back to Top |
|
| |
rq3wa53a7d182e0
Newbie
Joined: 10 September 2015
Location: France
Online Status: Offline
Posts: 3
|
| Posted: 11 September 2015 at 9:34am | IP Logged
|
|
|
Thank you for that answer.
|
| Back to Top |
|
| |
MailBee.NET Objects 
MailBee.NET Queue 
MailBee Objects 
WebMail Pro PHP 
AfterLogic Aurora 
MailSuite Pro for Linux 
Unified Messaging Solution 
Search
Register
Login
Topic: Webmail Auth uses PLAIN instead of CRAM-M
Privacy policy |
Refund policy