Allow plaintext and TLS
Ken Murchison
murch at andrew.cmu.edu
Tue Apr 4 10:56:48 EDT 2006
Kjetil Torgrim Homme wrote:
> On Mon, 2006-04-03 at 09:48 -0500, Richard Wohlstadter wrote:
>> Nikola Milutinovic wrote:
>>> I have set this option to "no". When I setup my client (Thunderbird) to use TLS
>>> and PLAIN, it says "Server refused... blah, blah". When I set it to use SSL and
>>> PLAIN, I can login.
>> We use Thunderbird 1.5 and it does not work(bug) with regards to TLS and
>> connecting to Cyrus so we currently use SSL as well. I just tested the
>> latest build of Thunderbird (Version 3 Alpha 1) and the TLS to cyrus
>> works fine. Looks like you need to wait for the next stable release of
>> Thunderbird or use the alpha.
>
> I'd just like to confirm that Thunderbird 1.5 is broken. we refuse
> logins until after STARTTLS, but Thunderbird considers that the
> capability "LOGINDISABLED" means "login is disabled", not "the protocol
> command LOGIN is disabled", so it will pop up a message about the server
> not currently accepting logins and refuse to work.
>
> if we remove LOGINDISABLED from the capability response, it will happily
> try to authenticate _before_ STARTTLS, thereby sending the password in
> the clear... it's amazing they could break IMAP this badly.
Hmm. I'm running Thunderbird on my local dev box (Cyrus 2.3 CVS) with
allowplaintext:0 and its behaves just fine.
--
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University
More information about the Info-cyrus
mailing list