Plain Text Password Require TLS

Ken Murchison murch at andrew.cmu.edu
Tue Jan 15 12:34:08 EST 2008


Daniel Aquino wrote:
> I set it to the following:
> 
> sasl_minimum_layer: 256
> 
> TLS works fine, but it also appears that non-TLS connections are working as well.
> 
> Here is my test.
> 
> mockingbird:/usr/local/mail# imtest -a daniel at bayshorenetworks.com -w
> password  192.168.0.50
> S: * OK bayshorenetworks.com Cyrus IMAP4 v2.2.13-Debian-2.2.13-10 server ready
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
> BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
> STARTTLS
> S: C01 OK Completed
> C: L01 LOGIN daniel at bayshorenetworks.com {8}
> S: + go ahead
> C: <omitted>
> S: L01 OK User logged in
> Authenticated.
> Security strength factor: 0
> C: Q01 LOGOUT
> Connection closed.
> 
> 
> As you can see, it says L01 login ok.
> If I use TLS (-s), then it says A01 login ok.
> 
> So why didn't the imapd.conf setting stop unencrypted logins?

Set

allowplaintext: 0

-- 
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University
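
Added example, not part of the original thread: a check for the effect of the setting above, run against the CAPABILITY line a server sends before STARTTLS. It assumes the server follows RFC 3501 and advertises LOGINDISABLED when it refuses LOGIN on an unencrypted connection; the function names and the AFTER sample are constructed for illustration.

```python
import re

# BEFORE: the pre-TLS CAPABILITY response quoted in the thread.
# AFTER: constructed sample of a server that refuses plaintext LOGIN.
BEFORE = ("S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS "
          "NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND "
          "BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE "
          "STARTTLS")
AFTER = "S: * CAPABILITY IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED AUTH=DIGEST-MD5"

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # SASL mechanisms that send the password itself


def parse_capabilities(line):
    """Return the set of upper-cased capability atoms from a CAPABILITY response.

    Accepts the untagged form ("* CAPABILITY ...") and the form embedded in a
    greeting ("* OK [CAPABILITY ...] ready"), with or without an "S: " prefix.
    """
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
         or re.search(r"\*\s+CAPABILITY\s+(.*)$", line.strip(), re.I))
    if not m:
        raise ValueError("not a CAPABILITY response: %r" % line)
    return {atom.upper() for atom in m.group(1).split()}


def audit_cleartext_caps(line):
    """Audit capabilities seen on an unencrypted connection; return findings."""
    caps = parse_capabilities(line)
    findings = []
    if "LOGINDISABLED" not in caps:
        findings.append("LOGIN command accepted without TLS (no LOGINDISABLED)")
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    exposed = sorted(c[5:] for c in caps
                     if c.startswith("AUTH=") and c[5:] in PLAINTEXT_MECHS)
    if exposed:
        findings.append("plaintext SASL mechanisms offered without TLS: "
                        + ", ".join(exposed))
    return findings


if __name__ == "__main__":
    for name, line in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_cleartext_caps(line) or "ok")
```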