Authenticating to IMAP with PLAIN or LOGIN over non-tls/ssl connections

Roland Pope rpope at jadeworld.com
Tue Aug 12 17:04:45 EDT 2003


Chris,

Thanks for you suggestions, and yes, 'sasl_minimum_laer' was a typo. I have
allowplaintext turned on already as we have IMAP clients already using the
LOGIN command over a non-tls connections (which is already insecure). What I
need to pe able to do is proxy authenticate as another user using a
plaintext admin usercode/password. Ken Murchison pointed me in the right
direction wich was to start my IMAPd in cyrus.conf with the '-p 2'
parameter. This tells IMAPd that there is already a security layer outside
of it so it can allow plain text authentications.

Thanks
Roland
----- Original Message ----- 
From: "Chris Hilts" <chilts at birdbrained.org>
> I'm wondering if there is a configurable way of allowing plaintext imap
> authentications over a non-encrypted link. I have set 'sasl_minimum_laer:
> 0'

I'll assume that's a typo, and you really have sasl_minimum_layer.

> in imapd.conf which I thought would do it, but this doesn't seem to help.
> When I connect via IMAPS I can use PLAIN and LOGIN authentications, but
> these are denied for unencrypted imap connections.

You are aware of the potential security implications of doing this, right?
 Try the 'allowplaintext' directive.


-- 
Chris Hilts
chilts at birdbrained.org





More information about the Info-cyrus mailing list