Hi:
It appears that at least at one time, Dovecot supported plaintext authentication from localhost, even if disable_plaintext_auth = yes. To wit, the example configuration file reads:
    # Disable LOGIN command and all other plaintext authentications unless
    # SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and
    # IPv6 ::1 addresses are considered secure, this setting has no effect if
    # you connect from those addresses.
    #disable_plaintext_auth = yes
On brief inspection of the code, there doesn't seem to be any such support. This is corroborated by the fact that 0.99.10 (Debian package) behaves by disallowing plaintext authentication via connections on localhost.
This is a particularly useful feature, as local webmail clients can safely authenticate via the local interface without requiring secure authentication.
So, the question is, is Dovecot supposed to support plaintext auth via localhost even if disallowed in dovecot.conf? If so, any suggestions as to what I may be doing wrong?
Yours truly,
Paul C. Bryan email@pbryan.net
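
The decision the configuration comment quoted above describes, sketched as an added example (not Dovecot source and not part of the original message). The function names are hypothetical, the sample addresses are constructed, and treating IPv4-mapped `::ffff:127.x.x.x` as loopback is an assumption that goes beyond the comment's wording.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: true for 127.0.0.0/8, ::1 and (assumption)
 * IPv4-mapped ::ffff:127.x.x.x as seen on a dual-stack listener. */
static bool is_loopback(const char *addr)
{
    static const unsigned char v6_loopback[16] = {[15] = 1};
    static const unsigned char v4_mapped_prefix[12] = {[10] = 0xff, [11] = 0xff};
    struct in_addr v4;
    struct in6_addr v6;

    if (inet_pton(AF_INET, addr, &v4) == 1)
        return (ntohl(v4.s_addr) >> 24) == 127;   /* whole 127.*.*.* range */
    if (inet_pton(AF_INET6, addr, &v6) == 1) {
        if (memcmp(v6.s6_addr, v6_loopback, 16) == 0)
            return true;                          /* ::1 */
        if (memcmp(v6.s6_addr, v4_mapped_prefix, 12) == 0)
            return v6.s6_addr[12] == 127;         /* ::ffff:127.x.x.x */
    }
    return false;   /* hostnames and unparsable input are never trusted */
}

/* Plaintext auth is accepted when the setting is off, when TLS protects
 * the session, or when the peer address is loopback. */
static bool plaintext_auth_allowed(bool disable_plaintext_auth,
                                   bool tls_active, const char *remote_ip)
{
    if (!disable_plaintext_auth || tls_active)
        return true;
    return is_loopback(remote_ip);
}

int main(void)
{
    /* Constructed sample peers, all with disable_plaintext_auth = yes, no TLS */
    const char *samples[] = {"127.0.0.1", "127.8.9.10", "::1",
                             "::ffff:127.0.0.1", "192.0.2.10",
                             "2001:db8::1", "localhost"};
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-18s -> %s\n", samples[i],
               plaintext_auth_allowed(true, false, samples[i])
                   ? "plaintext allowed" : "plaintext refused");
    return 0;
}
```

A check like this trusts the socket's peer address, so a reverse proxy or TLS terminator on the same host makes every remote client look like loopback unless the proxy's own listener enforces encryption.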