SSL will only prevent in transit exposure on the wire. Once the person
logs in to Google using IMAP or POP , the password is exposed to Google
as IMAP and POP do not use CAS based authN.
Alan Sill wrote:
> Hi Barry,
> On Apr 21, 2009, at 2:32 PM, Barry R Ribbeck wrote:
>> Be aware that the the following has appeared on this list before.
>> Linking your Auth system into Google is fine and does not expose your
>> institutional accounts password, however if the user base wishes to use
>> PDA access to POP and IMAP function of GMAIL, this will expose their
>> institutional credentials and has forced some to rethink the sync
>> strategy. This may be something to consider before committing to an SSO
>> strategy with GMAIL.
> Good point. I believe this can be solved completely by requiring SSL
> access via IMAP, and not allowing POP access. This is a good policy
> regardless of the underlying mail system.
> Alan Sill, Ph.D
> Senior Scientist, High Performance Computing Center
> Adjunct Professor of Physics
> : Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 :
> : e-mail: [log in to unmask] ph. 806-742-4350 fax 806-742-4358 :