Removing clear-text passwords

Removing clear-text passwords

[Greg Kilfoyle]

Hi,

I'm trying to set up my server so that no clear text
passwords are used to access the system.

The server is used (by others) via the following
access methods:

  - POP3 email
  - IMAP email
  - web (including web mail)
  - ftp (for uploading files, mainly web pages)

Most of my users have windows desktops, so I'm limited
to SSL/TLS for securing mail server access. I like
digest-md5, which evolution supports, but Outlook
doesn't support this.

For web access, SSL/TLS works fine.

I don't know what to do for ftp. Can SSL/TLS be used
with ftp and do windows applications, such as
FrontPage support it?

Another approach is to have ftp use a different
password than the one used for email - not sure how to
do this.

Any suggestions welcome.

Thanks, Greg.

Re: Removing clear-text passwords

[Miguel González Castaños]

For ftp you have sftp of SSH, then you would have a replace for telnet and
ftp.

There is also ftp-ssl, patching ftp servers with SSL support. SSH has been
made with security in mind, ftp servers normally lack of security and suffer
from many bugs...It is up to you to choose any of these posibilities.

As a drawback, there is no GUI client under linux for SSH, but there is one
for Windows, from www.ssh.com, you can give it a try.

HTH

Miguel

Greg Kilfoyle ha escrito:

> Hi,
>
> I'm trying to set up my server so that no clear text
> passwords are used to access the system.
>
> The server is used (by others) via the following
> access methods:
>
>   - POP3 email
>   - IMAP email
>   - web (including web mail)
>   - ftp (for uploading files, mainly web pages)
>
> Most of my users have windows desktops, so I'm limited
> to SSL/TLS for securing mail server access. I like
> digest-md5, which evolution supports, but Outlook
> doesn't support this.
>
> For web access, SSL/TLS works fine.
>
> I don't know what to do for ftp. Can SSL/TLS be used
> with ftp and do windows applications, such as
> FrontPage support it?
>
> Another approach is to have ftp use a different
> password than the one used for email - not sure how to
> do this.
>
> Any suggestions welcome.
>
> Thanks, Greg.
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Removing clear-text passwords

[Mihai RUSU]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Greg

On Tue, 9 Dec 2003, Greg Kilfoyle wrote:

> Hi,
> 
> I don't know what to do for ftp. Can SSL/TLS be used
> with ftp and do windows applications, such as
> FrontPage support it?

www.proftpd.org with mod_tls module does the job. I have several such FTP 
setups. However the only win/visual/nice FTP client I know that does know 
SSL FTP is Voyager FTP client.

- -- 
Mihai RUSU                                    Email: dizzy@roedu.net
GPG : http://dizzy.roedu.net/dizzy-gpg.txt    WWW: http://dizzy.roedu.net
                       "Linux is obsolete" -- AST
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/2G60PZzOzrZY/1QRAs6QAKDdreegwxxxVfboCNtETKtkoVIO9QCeM5QC
jkxPZoZ25pGBxh/7SavpYkM=
=s1ZN
-----END PGP SIGNATURE-----

Re: Removing clear-text passwords

[Bob Hutchinson]

Greg Kilfoyle wrote:
> Hi,
> 
> I'm trying to set up my server so that no clear text
> passwords are used to access the system.
> 
> The server is used (by others) via the following
> access methods:
> 
>   - POP3 email
>   - IMAP email
>   - web (including web mail)
>   - ftp (for uploading files, mainly web pages)
> 
> Most of my users have windows desktops, so I'm limited
> to SSL/TLS for securing mail server access. I like
> digest-md5, which evolution supports, but Outlook
> doesn't support this.
> 
> For web access, SSL/TLS works fine.
> 
> I don't know what to do for ftp. Can SSL/TLS be used
> with ftp and do windows applications, such as
> FrontPage support it?

SecureFX from VanDyke Technologies is a very good ftp client for Win

> 
> Another approach is to have ftp use a different
> password than the one used for email - not sure how to
> do this.

Use qmail with vpopmail and qmailadmin, this disconnects email from unix 
users altogether, that way only the web developers need have a unix 
account. qmail/vpopmail can be set up to pop via a secure link, although 
I have not done so myself.
sqwebmail works with the above, and squirrelmail can be made to, and so 
can courier-IMAP.

Hope this helps

> 
> Any suggestions welcome.
> 
> Thanks, Greg.
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
>