Educause Security Discussion mailing list archives
Re: Gmail for students and IMAP
From: "Dergenski, Todd A." <TDergens () ODU EDU>
Date: Wed, 29 Jul 2009 10:42:09 -0400
It all depends on how you integrated with Gmail. If you take the SAML approach Google never has the password, but it does make IMAP a tricky situation. IMAP will not work with SAML authentication, so either the end user supplies a password to Google directly or your Middleware folks set a password when they manipulate the account through the API. During our integration it was decided that Google asking for a password would result in the user using their ODU Password. This defeats the whole purpose of using SAML to keep the password here. In the end, we decided on disabling IMAP until we come up with a solution that allows the local password to stay here, but gives them a convenient method of managing the IMAP password. Please feel free to call or email we are just down the highway. Todd Dergenski Old Dominion University Senior Security Administrator 4700 Elkhorn Ave - Room 4300 Norfolk, Va, 23529 USA (757) 683-4301 tdergens () odu edu<mailto:tdergens () odu edu> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kamnab Keo/FS/VCU Sent: Wednesday, July 29, 2009 8:39 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Gmail for students and IMAP Can anybody share their experience with Gmail for student email accounts and IMAP access? I am particularly interested in IMAP account configuration and authentication. Thanks, Kamnab Keo IT Risk Management Analyst Virginia Commonwealth University VCU Information Security - http://infosecurity.vcu.edu/ Information Security News, Tips & More - http://www.twitter.com/vcuinfosec Information Security Best Practices - http://infosecurity.vcu.edu/docs/information-security-best-practices.pdf Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, Social Security number or confidential personal information. For more details visit http://infosecurity.vcu.edu/phishing.
Current thread:
- Re: Gmail for students and IMAP, (continued)
- Re: Gmail for students and IMAP James M. Dutcher - Assoc. VP IS/IT & CIO (Jul 29)
- Re: Gmail for students and IMAP Sarazen, Daniel (Jul 29)
- Re: Gmail for students and IMAP Stanclift, Michael (Jul 29)
- Re: Gmail for students and IMAP Dennis Meharchand (Jul 29)
- Re: Gmail for students and IMAP Sarazen, Daniel (Jul 29)
- Re: Gmail for students and IMAP Stanclift, Michael (Jul 29)
- Re: Gmail for students and IMAP James M. Dutcher - Assoc. VP IS/IT & CIO (Jul 29)
- Re: Gmail for students and IMAP Joel Rosenblatt (Jul 29)
- Re: Gmail for students and IMAP Adam Nave (Jul 29)
- Re: Gmail for students and IMAP Vik Solem (Jul 29)
- Re: Gmail for students and IMAP Dergenski, Todd A. (Jul 29)
- Re: Gmail for students and IMAP Jeffrey I. Schiller (Jul 29)
- Re: Gmail for students and IMAP Valdis Kletnieks (Jul 29)
- Re: Gmail for students and IMAP Joel Rosenblatt (Jul 29)
- Re: Gmail for students and IMAP Greg Francis (Jul 29)
- Re: Gmail for students and IMAP Sauvigne, Craig M (Jul 29)
- Re: Gmail for students and IMAP Valdis Kletnieks (Jul 29)
- Re: Gmail for students and IMAP Jesse Thompson (Jul 29)
- Re: Gmail for students and IMAP James M. Dutcher - Assoc of IS/IT & CIO (Jul 29)
- Re: Gmail for students and IMAP Tonkin, Derek K. (Jul 29)
- Re: Gmail for students and IMAP James M. Dutcher - Assoc of IS/IT & CIO (Jul 29)
(Thread continues...)