[POLL] Defaulting allowplaintext to disabled

Ken Murchison murch at andrew.cmu.edu
Wed Mar 28 07:08:43 EST 2007

Martin Konold wrote:
> Am Tuesday 27 March 2007 schrieb Ken Murchison:
> Hi Ken,
>> control both the protocol-specific plaintext login commands (IMAP,
>> mechanisms (PLAIN, LOGIN). 
> Yes, this is a good idea.
>> Since sending passwords in the clear sucks, and I would like to think
>> that most reasonable admins disable this option anyways, would anyone
>> have a major gripe if we change the allowplaintext option to default to
>> disabled in the 2.3.9 release?
> I think this is absolutly sane and actually what todays administrators expect.
>> Obviously, we will document this change 
>> prominently in the release notes.
>> https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2922
> What about adding an option to limit the plaintext login commands to 
> IPs/IP-Range? For all useful purposes I can imagine this would be really 
> helpful.

I don't want to make this one option too complicated.  What you propose 
can be accomplished by using proper service lines in cyrus.conf.  You 
can specify a particular hostname/IP in the 'listen' parameter, and you 
can either use a special imapd.conf file allowing plaintext, or you can 
use the '-p 2' command line option.

Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University

More information about the Cyrus-devel mailing list