[Dovecot] Plaintext Authentication from Localhost

Paul C. Bryan email at pbryan.net
Thu Aug 26 08:18:48 EEST 2004

On October 7, 2003, I noted that the following was not actually implemented 
in the released version of Dovecot:

# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and
# IPv6 ::1 addresses are considered secure, this setting has no effect if
# you connect from those addresses.
#disable_plaintext_auth = yes

I was specifically referencing the nice feature that 127.* are considered 
secure, and therefore not subject to the disable_plaintext_auth restriction. 
This is nice for local services like webmail servers would not require SSL 
to securely authenticate with the IMAP server.

Timo responded that it was only added a few weeks ago, and it was only in 
the CVS version of Dovecot at that time.

I've noticed that the feature still hadn't made it into any release version, 
but is still present in the CVS version. I'm just curious if there is any 
possibility of it getting into a release version prior to 1.0?


More information about the dovecot mailing list