missing plain authentication?

Ross Boylan ross at biostat.ucsf.edu
Sat Jul 22 12:22:21 EDT 2006


On Sat, Jul 22, 2006 at 08:18:26AM +0200, Pascal Gienger wrote:
> Ross Boylan <ross at biostat.ucsf.edu> wrote:
> 
> >No; that was a transcription error.  Sorry about that.
> >So the original file has
> >allowplaintext: yes
> 
> This is the traditional imap plaintext login without sasl. IMAP4 has 
> plaintext authentication as a builtin. The syntax is

My imapd.conf man page says
"Allow use of the SASL PLAIN mechanism"

Overview and Concepts doc says "To disallow the use of plaintext
passwords for authentication, you can set allowplaintext: no in
imapd.conf.  This will still allow PLAIN under TLS, but IMAP LOGIN
commands will now fail."

My reading is that allowplaintext controls both IMAP login and SASL
PLAIN, though the two documents seem to contradict each other at one
point: the first implies a no disables SASL PLAIN completely, while
the second says it is still permitted under TLS.

As I noted in an earlier message, other documents may imply SASL PLAIN
is never permitted except under encryption.  Or they may imply it's
never advertised except under encryption; I can't tell.

Ross


More information about the Info-cyrus mailing list