On October 7, 2003, I noted that the following was not actually implemented in the released version of Dovecot:
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and
# IPv6 ::1 addresses are considered secure, this setting has no effect if
# you connect from those addresses.
#disable_plaintext_auth = yes
I was specifically referencing the nice feature that 127.* addresses are considered secure, and therefore not subject to the disable_plaintext_auth restriction. This is nice because local services like webmail servers would not require SSL to securely authenticate with the IMAP server.
Timo responded that it was only added a few weeks ago, and it was only in the CVS version of Dovecot at that time.
I've noticed that the feature still hasn't made it into any release version, but is still present in the CVS version. I'm just curious if there is any possibility of it getting into a release version prior to 1.0?
Paul
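
The rule described in the quoted configuration comment, modelled from both sides of the IMAP connection. This is an added example, not part of the original message and not Dovecot's code; the function names and the capability set are hypothetical, and the sample addresses are constructed.

```python
import ipaddress

# Addresses the quoted comment names as "considered secure".
LOOPBACK_V4 = ipaddress.ip_network("127.0.0.0/8")
LOOPBACK_V6 = ipaddress.ip_address("::1")


def plaintext_auth_allowed(remote_ip, tls_active, disable_plaintext_auth=True):
    """Apply the rule from the comment: with the setting on, plaintext
    authentication needs SSL/TLS unless the client is 127.*.*.* or ::1."""
    if not disable_plaintext_auth or tls_active:
        return True
    addr = ipaddress.ip_address(remote_ip)
    if addr.version == 4:
        return addr in LOOPBACK_V4
    # Assumption: only the literal ::1 is exempt, so IPv4-mapped forms
    # such as ::ffff:127.0.0.1 are treated as remote in this model.
    return addr == LOOPBACK_V6


def capability_line(remote_ip, tls_active, disable_plaintext_auth=True):
    """Server side: build the CAPABILITY response for this connection
    (constructed, minimal capability set)."""
    caps = ["IMAP4rev1"]
    if not tls_active:
        caps.append("STARTTLS")
    if plaintext_auth_allowed(remote_ip, tls_active, disable_plaintext_auth):
        caps.append("AUTH=PLAIN")
    else:
        caps.append("LOGINDISABLED")
    return "* CAPABILITY " + " ".join(caps)


def client_may_send_login(capability_response):
    """Client side: RFC 3501 forbids LOGIN while LOGINDISABLED is advertised."""
    tokens = capability_response.upper().split()
    if tokens[:2] != ["*", "CAPABILITY"]:
        raise ValueError("not a CAPABILITY response")
    return "LOGINDISABLED" not in tokens[2:]


if __name__ == "__main__":
    # Constructed connections: local webmail, remote cleartext, remote TLS.
    for ip, tls in [("127.0.0.1", False), ("192.0.2.10", False), ("192.0.2.10", True)]:
        line = capability_line(ip, tls)
        print(ip, "tls" if tls else "clear", line, client_may_send_login(line))
```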