Authenticating to IMAP with PLAIN or LOGIN over non-tls/ssl connections
Roland Pope
rpope at jadeworld.com
Tue Aug 12 17:04:45 EDT 2003
Chris,
Thanks for you suggestions, and yes, 'sasl_minimum_laer' was a typo. I have
allowplaintext turned on already as we have IMAP clients already using the
LOGIN command over a non-tls connections (which is already insecure). What I
need to pe able to do is proxy authenticate as another user using a
plaintext admin usercode/password. Ken Murchison pointed me in the right
direction wich was to start my IMAPd in cyrus.conf with the '-p 2'
parameter. This tells IMAPd that there is already a security layer outside
of it so it can allow plain text authentications.
Thanks
Roland
----- Original Message -----
From: "Chris Hilts" <chilts at birdbrained.org>
> I'm wondering if there is a configurable way of allowing plaintext imap
> authentications over a non-encrypted link. I have set 'sasl_minimum_laer:
> 0'
I'll assume that's a typo, and you really have sasl_minimum_layer.
> in imapd.conf which I thought would do it, but this doesn't seem to help.
> When I connect via IMAPS I can use PLAIN and LOGIN authentications, but
> these are denied for unencrypted imap connections.
You are aware of the potential security implications of doing this, right?
Try the 'allowplaintext' directive.
--
Chris Hilts
chilts at birdbrained.org
More information about the Info-cyrus
mailing list