PLAIN authentication in Cyrus IMAPd
Ken Murchison
murch at andrew.cmu.edu
Mon Dec 21 12:40:09 EST 2009
David G McMurtrie wrote:
> On Mon, 21 Dec 2009, Torsten Schlabach wrote:
>
>> Dear list!
>>
>> I am using Cyrus IMAPd 2.2.13 on Debian Lenny. I tried to configure my
>> IMAPd to allow PLAIN authentication, even over non-encrypted
>> connections. (This is a pure Intranet deployment and I understand the
>> risk.)
>>
>> Despite setting the appropriate options in imapd.conf, i.e.:
>>
>> sasl_mech_list: PLAIN
>> sasl_minimum_layer: 0
>>
>> the server just refuses to announce PLAIN as an authentication mechanism.
>
> I think you have to set "allowplaintext: 1" in your imapd.conf and also
> specify your imap service in cyrus.conf as cmd="imapd -p 2" to tell it
> there's an external security layer in place.
The two methods that Dave mentions are mutually exclusive. Either one
by itself should work. The 'allowplaintext' option works across all
services. The '-p 2' option can be specified on a per-service basis,
perhaps on the imapd listening on a private network, while the public
network still requires PLAIN+TLS.
--
Kenneth Murchison
Systems Programmer
Carnegie Mellon University
More information about the Cyrus-devel
mailing list