The CommuniGate Pro Server supports both clear-text and secure SASL authentication methods for the following TCP-based session-oriented protocols:
These secure methods allow mail clients to send encrypted passwords over non-encrypted and insecure links. If anybody can monitor your network traffic, SASL methods ensure that the real passwords cannot be detected by watching the client-server network traffic.
As an alternative to SASL methods, secure links (SSL/TLS) can be used between the client mailer and the server. When an SSL link is established, the entire network traffic between the server and the client is encrypted, and passwords can be sent in clear text over these secure links.
You can force an Account user to use either a SASL authentication method or SSL/TLS links if you enable the Secure Method Required option in the Account Settings. When this option is enabled, the Server rejects all authentication requests that send passwords in the clear text format over insecure links.
The CommuniGate Pro Server supports the following insecure (clear text) SASL authentication methods:
The CommuniGate Pro Server supports the following secure SASL authentication methods:
The CommuniGate Pro Server supports the following GSSAPI authentication methods:
The CommuniGate Pro Server supports the following SASL-EXTERNAL authentication methods:
The CommuniGate Pro Server supports the non-standard NTLM and MSN SASL methods used in Microsoft® products.
The CommuniGate Pro supports the secure APOP authentication method (used mostly for the POP protocol), and the insecure "regular login" method for the protocols that support Clear Text Login.
The CommuniGate Pro Server supports the special SessionID Authentication method.
Use the WebAdmin Interface to open a Domain Settings page and find the Login Methods panel:
CLRTXT: When this option is selected, the Server advertises all supported non-secure (clear text) authentication for this Domain.
CRAM-MD5, DIGEST-MD5: When these options are selected, the Server advertises the secure CRAM-MD5 and DIGEST-MD5 authentication methods for this Domain. Do not select these options if the Domain Accounts use one-way encrypted passwords, OS Passwords, or other authentication methods that do not support secure authentication methods.
APOP: When this option is selected, the Server provides a special initial prompt for POP and PWD connections. Mail clients can use this prompt to employ the secure APOP authentication method. Do not select this