From owner-freebsd-questions  Sun Jan 21 15:42:44 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
	by hub.freebsd.org (Postfix) with ESMTP id 02A3D37B400
	for <freebsd-questions@freebsd.org>; Sun, 21 Jan 2001 15:42:27 -0800 (PST)
Received: from rfx-216-196-73-168.users.reflexcom.com ([216.196.73.168]) by mailhost01.reflexnet.net  with Microsoft SMTPSVC(5.5.1877.197.19);
	 Sun, 21 Jan 2001 15:40:40 -0800
Received: (from cjc@localhost)
	by rfx-216-196-73-168.users.reflexcom.com (8.11.1/8.11.0) id f0LNgVU31753;
	Sun, 21 Jan 2001 15:42:31 -0800 (PST)
	(envelope-from cjc)
Date: Sun, 21 Jan 2001 15:42:30 -0800
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: Arcady Genkin <antipode@thpoon.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: UW-IMAP server and secure authentication
Message-ID: <20010121154230.Z10761@rfx-216-196-73-168.users.reflex>
Reply-To: cjclark@alum.mit.edu
References: <87hf2s4hb7.fsf@tea.thpoon.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <87hf2s4hb7.fsf@tea.thpoon.com>; from antipode@thpoon.com on Sun, Jan 21, 2001 at 06:27:24PM -0500
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, Jan 21, 2001 at 06:27:24PM -0500, Arcady Genkin wrote:
> Having read the documentation on UW imap server I understand that I
> need to purchase an SSL certificate to use SSL build of the server.

Really?

> Is there any way I can implement secure authentication mechanism (just
> encrypted username and passwords) without having to buy the
> certificate?  If yes, will this mechanism be supported by popular
> MS-based mail readers?

I don't see why you can't use a self-signed cert. Provided you
distribute it securely (relative to what you are protecting and other
security measures), it is a fairly good solution.

I have never used SSL within UW IMAP. However, I set up a mailserver
which used stunnel (in the ports) to get SSL access to UW IMAP. Making
a self-signed cert with stunnel was painless and a reasonable solution
for that organization. Almost all of the users were using M$ Outlook
Express as a MUA. A few Netscape Messenger users. Neither had an
problems.  
-- 
Crist J. Clark                           cjclark@alum.mit.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message