Authenticating to IMAP with PLAIN or LOGIN over non-tls/ssl connections

Roland Pope rpope at
Tue Aug 12 17:04:45 EDT 2003


Thanks for your suggestions, and yes, 'sasl_minimum_laer' was a typo. I have
allowplaintext turned on already as we have IMAP clients already using the
LOGIN command over non-tls connections (which is already insecure). What I
need to be able to do is proxy authenticate as another user using a
plaintext admin usercode/password. Ken Murchison pointed me in the right
direction which was to start my IMAPd in cyrus.conf with the '-p 2'
parameter. This tells IMAPd that there is already a security layer outside
of it so it can allow plain text authentications.

----- Original Message ----- 
From: "Chris Hilts" <chilts at>
> I'm wondering if there is a configurable way of allowing plaintext imap
> authentications over a non-encrypted link. I have set 'sasl_minimum_laer:
> 0'

I'll assume that's a typo, and you really have sasl_minimum_layer.

> in imapd.conf which I thought would do it, but this doesn't seem to help.
> When I connect via IMAPS I can use PLAIN and LOGIN authentications, but
> these are denied for unencrypted imap connections.

You are aware of the potential security implications of doing this, right?
Try the 'allowplaintext' directive.

Chris Hilts
chilts at
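
An added example, not part of the original thread: a small audit helper that reads an IMAP greeting or CAPABILITY response taken from a connection before any TLS and reports whether that listener would accept a password in the clear, via the LOGIN command or the SASL PLAIN/LOGIN mechanisms discussed above. The sample lines are constructed, and the function names are this example's own.

```python
import re

# Constructed sample responses (not captured from a real server), as they
# would be read from a listener before any TLS negotiation.
SAMPLES = {
    "login disabled": "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=DIGEST-MD5] ready",
    "login allowed": "* CAPABILITY IMAP4rev1 STARTTLS AUTH=DIGEST-MD5",
    "plaintext sasl": "* CAPABILITY IMAP4rev1 LOGINDISABLED AUTH=PLAIN AUTH=LOGIN",
}

# SASL mechanisms that put the password itself on the wire.
PLAINTEXT_SASL = {"PLAIN", "LOGIN"}


def parse_capabilities(line):
    """Return the upper-cased capability atoms from a greeting carrying a
    [CAPABILITY ...] response code or from an untagged CAPABILITY response."""
    m = re.search(r"\[CAPABILITY\s+([^\]]*)\]", line, re.I)
    if m is None:
        m = re.match(r"\*\s+CAPABILITY\s+(.*)", line.strip(), re.I)
    if m is None:
        raise ValueError("no capability list in: %r" % line)
    return {atom.upper() for atom in m.group(1).split()}


def cleartext_exposure(line):
    """Summarise which password-bearing logins the listener offers."""
    caps = parse_capabilities(line)
    sasl = {c[len("AUTH="):] for c in caps if c.startswith("AUTH=")}
    return {
        # RFC 3501: the LOGIN command is permitted unless LOGINDISABLED is advertised.
        "login_command": "LOGINDISABLED" not in caps,
        "plaintext_sasl": sorted(sasl & PLAINTEXT_SASL),
        "starttls": "STARTTLS" in caps,
    }


def exposes_password(line):
    """True if a client on this unencrypted connection could send a password."""
    report = cleartext_exposure(line)
    return report["login_command"] or bool(report["plaintext_sasl"])


if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, exposes_password(line), cleartext_exposure(line))
```

A listener that reports True here should only be reachable through the external security layer that '-p 2' asserts exists.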
