Change in allowplaintext behaviour in 2.3.9?
John Capo
jc at irbs.com
Fri Aug 31 19:42:38 EDT 2007
Quoting Nels Lindquist (nlindq at maei.ca):
> Hi there.
>
> I understand that the default for "allowplaintext" is now off in 2.3.9,
> which seems like a perfectly fine change.
>
> However, I'm also noticing a behavioural change when allowplaintext is
> enabled.
>
> With 2.3.8 and "allowplaintext" on, PLAIN and LOGIN methods were only
> explicitly offered when a secure connection was present. I've upgraded
> to 2.3.9 (via Simon's RPM) and now "AUTH=PLAIN AUTH=LOGIN" are
> immediately offered even when no TLS/SSL encryption is enabled.
>
> Was this an intentional change?
>
This fixes another allowplaintext: 1 problem.

    /* authstate already created by mysasl_proxy_policy() */
    /* Not when using login and allowplaintext. imapd_authstate is NULL */
    if (imapd_authstate == NULL)
        imapd_authstate = auth_newstate(imapd_userid);

With allowplaintext: 1, a user can log in but access to the mailbox is denied.
John Capo
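
The question in the quoted message comes down to what the server advertises before TLS is up. As an added example (not part of the original post and not Cyrus code), this Python check parses an IMAP capability line and reports what invites cleartext credentials on an unencrypted connection. The function names and sample lines are constructed for illustration.

```python
import re

# SASL mechanisms that carry the password itself (base64 is not encryption).
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}


def parse_capabilities(line):
    """Return upper-cased capability atoms from '* CAPABILITY ...' or
    from an '* OK [CAPABILITY ...]' greeting. Hypothetical helper."""
    m = re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
    if m is None:
        m = re.match(r"\*\s+CAPABILITY\s+(.*)", line.strip(), re.I)
    if m is None:
        raise ValueError("not a capability line: %r" % line)
    return {atom.upper() for atom in m.group(1).split()}


def plaintext_exposure(line, tls_active):
    """List the ways this capability line lets a client send a password
    in the clear. Empty list means nothing to report."""
    if tls_active:
        return []  # the same offers are acceptable inside TLS
    caps = parse_capabilities(line)
    findings = sorted("AUTH=" + m for m in PLAINTEXT_MECHS
                      if "AUTH=" + m in caps)
    # Without LOGINDISABLED the IMAP LOGIN command is also accepted.
    if "LOGINDISABLED" not in caps:
        findings.append("LOGIN command not disabled")
    return findings


# Constructed sample lines, not captured from a real server.
OFFERS_PLAIN = ("* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=LOGIN] "
                "example.test server ready")
HARDENED = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=DIGEST-MD5"

if __name__ == "__main__":
    for label, line in (("offers plain", OFFERS_PLAIN), ("hardened", HARDENED)):
        print(label, "->", plaintext_exposure(line, tls_active=False) or "ok")
```
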