From mboxrd@z Thu Jan 1 00:00:00 1970 From: Bob Hutchinson Subject: Re: Removing clear-text passwords Date: Thu, 11 Dec 2003 17:04:08 +0000 Sender: linux-admin-owner@vger.kernel.org Message-ID: <3FD8A388.4050903@lrc.ruralwales.org> References: <20031209234041.92943.qmail@web80105.mail.yahoo.com> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20031209234041.92943.qmail@web80105.mail.yahoo.com> List-Id: Content-Type: text/plain; charset="us-ascii"; format="flowed" To: linux-admin@vger.kernel.org Greg Kilfoyle wrote: > Hi, > > I'm trying to set up my server so that no clear text > passwords are used to access the system. > > The server is used (by others) via the following > access methods: > > - POP3 email > - IMAP email > - web (including web mail) > - ftp (for uploading files, mainly web pages) > > Most of my users have windows desktops, so I'm limited > to SSL/TLS for securing mail server access. I like > digest-md5, which evolution supports, but Outlook > doesn't support this. > > For web access, SSL/TLS works fine. > > I don't know what to do for ftp. Can SSL/TLS be used > with ftp and do windows applications, such as > FrontPage support it? SecureFX from VanDyke Technologies is a very good ftp client for Win > > Another approach is to have ftp use a different > password than the one used for email - not sure how to > do this. Use qmail with vpopmail and qmailadmin, this disconnects email from unix users altogether, that way only the web developers need have a unix account. qmail/vpopmail can be set up to pop via a secure link, although I have not done so myself. sqwebmail works with the above, and squirrelmail can be made to, and so can courier-IMAP. Hope this helps > > Any suggestions welcome. > > Thanks, Greg. > > - > To unsubscribe from this list: send the line "unsubscribe linux-admin" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > >