Authenticating to IMAP with PLAIN or LOGIN over non-tls/ssl connections
rpope at jadeworld.com
Tue Aug 12 17:04:45 EDT 2003
Thanks for you suggestions, and yes, 'sasl_minimum_laer' was a typo. I have
allowplaintext turned on already as we have IMAP clients already using the
LOGIN command over a non-tls connections (which is already insecure). What I
need to pe able to do is proxy authenticate as another user using a
plaintext admin usercode/password. Ken Murchison pointed me in the right
direction wich was to start my IMAPd in cyrus.conf with the '-p 2'
parameter. This tells IMAPd that there is already a security layer outside
of it so it can allow plain text authentications.
----- Original Message -----
From: "Chris Hilts" <chilts at birdbrained.org>
> I'm wondering if there is a configurable way of allowing plaintext imap
> authentications over a non-encrypted link. I have set 'sasl_minimum_laer:
I'll assume that's a typo, and you really have sasl_minimum_layer.
> in imapd.conf which I thought would do it, but this doesn't seem to help.
> When I connect via IMAPS I can use PLAIN and LOGIN authentications, but
> these are denied for unencrypted imap connections.
You are aware of the potential security implications of doing this, right?
Try the 'allowplaintext' directive.
chilts at birdbrained.org
More information about the Info-cyrus