PLAIN authentication in Cyrus IMAPd

Ken Murchison murch at
Mon Dec 21 12:40:09 EST 2009

David G McMurtrie wrote:
> On Mon, 21 Dec 2009, Torsten Schlabach wrote:
>> Dear list!
>> I am using Cyrus IMAPd 2.2.13 on Debian Lenny. I tried to configure my
>> IMAPd to allow PLAIN authentication, even over non-encrypted
>> connections. (This is a pure Intranet deployment and I understand the 
>> risk.)
>> Despite setting the appropriate options in imapd.conf, i.e.:
>> sasl_mech_list: PLAIN
>> sasl_minimum_layer: 0
>> the server just refuses to announce PLAIN as an authentication mechanism.
> I think you have to set "allowplaintext: 1" in your imapd.conf and also 
> specify your imap service in cyrus.conf as cmd="imapd -p 2" to tell it 
> there's an external security layer in place.

The two methods that Dave mentions are mutually exclusive.  Either one 
by itself should work.  The 'allowplaintext' option works across all 
services.  The '-p 2' option can be specified on a per-service basis, 
perhaps on the imapd listening on a private network, while the public 
network still requires PLAIN+TLS.

Kenneth Murchison
Systems Programmer
Carnegie Mellon University

More information about the Cyrus-devel mailing list