X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=doc%2Fauthentication.txt;h=d58e389548c5d839d2fb16a0c2b6b02d408e904f;hb=eaf1a31286fb9fc096ab235dd187f4bc8a3be571;hp=deff3059256f5b3afde777ccc562521042672b4c;hpb=1c6d997a14fd0034cfb1160bbebe5b86ae534132;p=squirrelmail.git

diff --git a/doc/authentication.txt b/doc/authentication.txt
index deff3059..d58e3895 100644
--- a/doc/authentication.txt
+++ b/doc/authentication.txt
@@ -1,7 +1,7 @@
 **********************************************
 IMAP AND SMTP AUTHENTICATION WITH SQUIRRELMAIL
-Preliminary documentation - 6 Dec 2002
-Chris Hilts chilts@birdbrained.org
+$Id$
+Chris Hilts tassium@squirrelmail.org
 **********************************************
 
 Prior to SquirrelMail 1.3.3, only plaintext logins for IMAP and SMTP were
@@ -12,6 +12,11 @@ SMTP. TLS is able to be enabled on a per-service basis as well.
 Unless the administrator changes the authentication methods, SquirrelMail
 will default to the "classic" plaintext methods, without TLS.
 
+Note: There is no point in using TLS if your IMAP server is localhost. You need
+root to sniff the loopback interface, and if you don't trust root, or an attacker
+already has root, the game is over.  You've got a lot more to worry about beyond
+having the loopback interface sniffed.
+
 REQUIREMENTS
 ------------
 
@@ -23,7 +28,7 @@ CRAM/DIGEST-MD5
 
 TLS
 * SquirrelMail 1.3.3 or higher
-* PHP 4.3.0 or higher
+* PHP 4.3.0 or higher (Check Release Notes for PHP 4.3.x information)
 * The "STARTTLS" command is NOT supported.  The server you wish to use TLS
   on must have a dedicated port listening for TLS connections. (ie. port
   993 for IMAP, 465 for SMTP)