Educause Security Discussion mailing list archives

Re: Gmail for students and IMAP

From: "Dergenski, Todd A." <TDergens () ODU EDU>
Date: Wed, 29 Jul 2009 10:42:09 -0400

It all depends on how you integrated with Gmail.  If you take the SAML approach Google never has the password, but it 
does make IMAP a tricky situation.  IMAP will not work with SAML authentication, so either the end user supplies a 
password to Google directly or your Middleware folks set a password when they manipulate the account through the API.

During our integration it was decided that Google asking for a password would result in the user using their ODU 
Password.  This defeats the whole purpose of using SAML to keep the password here.  In the end, we decided on disabling 
IMAP until we come up with a solution that allows the local password to stay here, but gives them a convenient method 
of managing the IMAP password.

Please feel free to call or email we are just down the highway.

Todd Dergenski
Old Dominion University
Senior Security Administrator
4700 Elkhorn Ave - Room 4300
Norfolk, Va, 23529 USA

(757) 683-4301
tdergens () odu edu<mailto:tdergens () odu edu>

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kamnab 
Keo/FS/VCU
Sent: Wednesday, July 29, 2009 8:39 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Gmail for students and IMAP

Can anybody share their experience with Gmail for student email accounts and IMAP access?  I am particularly interested 
in IMAP account configuration and authentication.

Thanks,


Kamnab Keo
IT Risk Management Analyst
Virginia Commonwealth University

VCU Information Security - http://infosecurity.vcu.edu/
Information Security News, Tips & More - http://www.twitter.com/vcuinfosec
Information Security Best Practices - http://infosecurity.vcu.edu/docs/information-security-best-practices.pdf

Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with 
your password, Social Security number or confidential personal information.  For more details visit 
http://infosecurity.vcu.edu/phishing.

Current thread:

Re: Gmail for students and IMAP, (continued)
- Re: Gmail for students and IMAP James M. Dutcher - Assoc. VP IS/IT & CIO (Jul 29)
- Re: Gmail for students and IMAP Sarazen, Daniel (Jul 29)
- Re: Gmail for students and IMAP Stanclift, Michael (Jul 29)
- Re: Gmail for students and IMAP Dennis Meharchand (Jul 29)
- Re: Gmail for students and IMAP Sarazen, Daniel (Jul 29)
- Re: Gmail for students and IMAP Stanclift, Michael (Jul 29)
- Re: Gmail for students and IMAP James M. Dutcher - Assoc. VP IS/IT & CIO (Jul 29)
- Re: Gmail for students and IMAP Joel Rosenblatt (Jul 29)
- Re: Gmail for students and IMAP Adam Nave (Jul 29)
- Re: Gmail for students and IMAP Vik Solem (Jul 29)
- Re: Gmail for students and IMAP Dergenski, Todd A. (Jul 29)
- Re: Gmail for students and IMAP Jeffrey I. Schiller (Jul 29)
- Re: Gmail for students and IMAP Valdis Kletnieks (Jul 29)
- Re: Gmail for students and IMAP Joel Rosenblatt (Jul 29)
- Re: Gmail for students and IMAP Greg Francis (Jul 29)
- Re: Gmail for students and IMAP Sauvigne, Craig M (Jul 29)
- Re: Gmail for students and IMAP Valdis Kletnieks (Jul 29)
- Re: Gmail for students and IMAP Jesse Thompson (Jul 29)
- Re: Gmail for students and IMAP James M. Dutcher - Assoc of IS/IT & CIO (Jul 29)
- Re: Gmail for students and IMAP Tonkin, Derek K. (Jul 29)
- Re: Gmail for students and IMAP James M. Dutcher - Assoc of IS/IT & CIO (Jul 29)

(Thread continues...)