[POLL] Defaulting allowplaintext to disabled
martin.konold at erfrakon.de
Wed Mar 28 04:49:59 EST 2007
Am Tuesday 27 March 2007 schrieb Ken Murchison:
> control both the protocol-specific plaintext login commands (IMAP,
> LOGIN, POP3 USER/PASS, NNTP AUTHINFO USER/PASS), and the plaintext SASL
> mechanisms (PLAIN, LOGIN).
Yes, this is a good idea.
> Since sending passwords in the clear sucks, and I would like to think
> that most reasonable admins disable this option anyways, would anyone
> have a major gripe if we change the allowplaintext option to default to
> disabled in the 2.3.9 release?
I think this is absolutly sane and actually what todays administrators expect.
> Obviously, we will document this change
> prominently in the release notes.
What about adding an option to limit the plaintext login commands to
IPs/IP-Range? For all useful purposes I can imagine this would be really
-- martin konold
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Sitz: Stuttgart - Partnerschaftsregister Stuttgart PR 126
More information about the Cyrus-devel