From: Garello, Kenneth (KGarello@worcester.edu)
Date: Thu Jul 12 2001 - 08:14:35 CDT
Looking into the exchange piece, it looks like all of the exchange
authentication protocol choices do support SSL,
Thanks for your suggestion - I guess I will be a Linux guru before this is
over :)
Ken
-----Original Message-----
From: Peter Valian [mailto:valianp@southwestern.edu]
Sent: Wednesday, July 11, 2001 1:48 PM
To: netreg@southwestern.edu
Subject: Re: NetReg: security authentication
Ken,
does exchange support either secure pop or imap (pop or imap over SSL)?
The solution Im thinking about may be a tad difficult if you're not
comfortable with linux. there is a package called stunnel
(http://www.stunnel.org) which is a generic SSL wrapper you may be able
to use to wrap the pop communication between the NetReg box and the
exchange box (if the exchange box is capable of understanding POP over
SSL).
a much simpler solution I think would be to get your NetReg box and
exchange server on the same subnet and have the data be fully switched
between them (this may not be possible in your environment, i don't
know).
so your registration page can be over SSL and then the traffic bewteen
NetReg and the exchange server would be switched.
I know there are more secure and elegant solutions for this...probably
the most elegant involves kerberos.
hope someone else has a better suggestion.
-peter
"Garello, Kenneth" wrote:
>
> I'm actually using a web interface(webmail) that speaks to exchange. This
> can be implemented using SSL.
>
> My problem is that I am not a Linux Guru, so I do not now if it is even
> possible to implement SSL with pop->exchange.
>
> Ken
>
> -----Original Message-----
> From: Peter Valian [mailto:valianp@southwestern.edu]
> Sent: Wednesday, July 11, 2001 11:17 AM
> To: netreg@southwestern.edu
> Subject: Re: NetReg: security authentication
>
> Ken,
>
> by secure I assume you mean you want the passwords passed encrypted.
> How do you currently have people checking mail? Do the clients they use
> do only encrypted authentication? POP or IMAP over SSL still isn't very
> wide spread.
>
> If you run a kerberized network, I believe a few people on the mailing
> list have written modules to do that.
>
> -peter
>
> --
> Peter Valian
> Network & Systems Administrator
> Southwestern University
> Georgetown, Texas
> 512.863.1586 office
> 512.863.1605 fax
> --
>
> "Garello, Kenneth" wrote:
> >
> > Can anyone give me basic steps in making the netreg pop authentication
> > secure against an exchange server?
> >
> > Thanks
> >
> > Ken
> >
> > Kenneth Garello
> > NT Manager
> > Worcester State College
> > **********************************************************************
> > To unsubscribe from this list, send an e-mail message to
> > majordomo@southwestern.edu containing a single line with the words:
> > unsubscribe netreg
> > Send requests for assistance to: owner-netreg@southwestern.edu
> > **********************************************************************
> **********************************************************************
> To unsubscribe from this list, send an e-mail message to
> majordomo@southwestern.edu containing a single line with the words:
> unsubscribe netreg
> Send requests for assistance to: owner-netreg@southwestern.edu
> **********************************************************************
> **********************************************************************
> To unsubscribe from this list, send an e-mail message to
> majordomo@southwestern.edu containing a single line with the words:
> unsubscribe netreg
> Send requests for assistance to: owner-netreg@southwestern.edu
> **********************************************************************
-- Peter Valian Network & Systems Administrator Southwestern University Georgetown, Texas 512.863.1586 office 512.863.1605 fax -- ********************************************************************** To unsubscribe from this list, send an e-mail message to majordomo@southwestern.edu containing a single line with the words: unsubscribe netreg Send requests for assistance to: owner-netreg@southwestern.edu ********************************************************************** ********************************************************************** To unsubscribe from this list, send an e-mail message to majordomo@southwestern.edu containing a single line with the words: unsubscribe netreg Send requests for assistance to: owner-netreg@southwestern.edu **********************************************************************
This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:35 CDT