Change in allowplaintext behaviour in 2.3.9?

John Capo jc at irbs.com
Fri Aug 31 19:42:38 EDT 2007


Quoting Nels Lindquist (nlindq at maei.ca):
> Hi there.
> 
> I understand that the default for "allowplaintext" is now off in 2.3.9,
> which seems like a perfectly fine change.
> 
> However, I'm also noticing a behavioural change when allowplaintext is
> enabled.
> 
> With 2.3.8 and "allowplaintext" on, PLAIN and LOGIN methods were only
> explicitly offered when a secure connection was present.  I've upgraded
> to 2.3.9 (via Simon's RPM) and now "AUTH=PLAIN AUTH=LOGIN" are
> immediately offered even when no TLS/SSL encryption is enabled.
> 
> Was this an intentional change?
> 

This fixes another allowplaintext: 1 problem.

    /* authstate already created by mysasl_proxy_policy() */
    /* Not when using login and allowplaintext.  imapd_authstate is NULL
    */
    if (imapd_authstate == NULL)
        imapd_authstate = auth_newstate(imapd_userid);

With allowplaintext: 1 a user can log in but access to the mailbox is denied.

John Capo
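
The capability change asked about in the quoted message can be checked from a server's greeting or CAPABILITY response. The following is an added example, not part of the original thread and not Cyrus code: the function names and both sample lines are constructed for illustration and mirror the two behaviours described (PLAIN/LOGIN withheld before TLS versus offered immediately).

```python
import re

# SASL mechanisms that send the password in the clear (or trivially encoded).
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_capabilities(line):
    """Return the upper-cased capability atoms in an IMAP greeting or
    untagged CAPABILITY response; empty set if none are present."""
    # Form 1: response code inside a greeting, "* OK [CAPABILITY a b] text"
    # Form 2: untagged response, "* CAPABILITY a b"
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
         or re.match(r"\*\s+CAPABILITY\s+(.*)$", line.strip(), re.I))
    return {atom.upper() for atom in m.group(1).split()} if m else set()

def audit(line, tls_active):
    """Summarise what the server offers at this point in the session."""
    caps = parse_capabilities(line)
    mechs = {c[len("AUTH="):] for c in caps if c.startswith("AUTH=")}
    # Plaintext mechanisms only matter while the channel is unencrypted.
    exposed = [] if tls_active else sorted(mechs & PLAINTEXT_MECHS)
    return {
        "mechanisms": sorted(mechs),
        "plaintext_sasl_exposed": exposed,
        "starttls_offered": "STARTTLS" in caps,
        # LOGINDISABLED (RFC 3501) tells clients not to use the LOGIN command.
        "login_command_disabled": "LOGINDISABLED" in caps,
    }

# Constructed samples, both taken as seen before any TLS negotiation.
WITHHELD = "* OK [CAPABILITY IMAP4 IMAP4rev1 STARTTLS AUTH=DIGEST-MD5] host.example.test ready"
OFFERED = "* CAPABILITY IMAP4 IMAP4rev1 STARTTLS AUTH=DIGEST-MD5 AUTH=PLAIN AUTH=LOGIN"

if __name__ == "__main__":
    for name, line in (("withheld", WITHHELD), ("offered", OFFERED)):
        print(name, audit(line, tls_active=False))
```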


