By default, internal users must submit a password to retrieve their messages from Messaging Server. You enable or disable password login separately for POP, IMAP, and HTTP services. For more information about password login for POP IMAP, and HTTP Services, see 5.2.2 Password-Based Login.
User passwords can be transmitted from the user’s client software to your server as cleartext or in encrypted form. If both the client and your server are configured to enable SSL and both support encryption of the required strength (as explained in 23.5.2 To Enable SSL and Selecting Ciphers), encryption occurs.
User IDs and passwords are stored in your installation’s LDAP user directory. Password security criteria, such as minimum length, are determined by directory policy requirements; they are not part of Messaging Server administration.
Certificate-based login is an alternative to password-based login. It is discussed in this chapter along with the rest of SSL; see 23.5.3 To Set Up Certificate-Based Login
Challenge/response SASL mechanisms are another alternative to plaintext password login.