[Dovecot] selective disable_plaintext_auth
Hi,
I've been using dovecot for some time now, always with the setting:
disable_plaintext_auth = yes
so that no user can accidentally expose their username/password in the open.
However, I'm now trying to configure a webmail client in a nearby server which doesn't support TLS or SSL IMAP connections :-(
Is there any way to allow plaintext_auth only for a small set of IP addresses (for what I see in the comment, this is automatic for local addresses, alas, the webmail client is on another host).
TIA
-- Mariano Absatz - "El Baby" el.baby@gmail.com www.clueless.com.ar
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- Theory is when you know something but it doesn't work.
- Practice is when something works but you don't know why.
Usually we combine theory and practice: Nothing works and we don't know why.
- TagZilla 0.066 * http://tagzilla.mozdev.org
On Tue, 2009-11-10 at 17:41 -0300, Mariano Absatz wrote:
Is there any way to allow plaintext_auth only for a small set of IP addresses (for what I see in the comment, this is automatic for local addresses, alas, the webmail client is on another host).
# Space separated list of trusted network ranges. Connections from these # IPs are allowed to override their IP addresses and ports (for logging and # for authentication checks). disable_plaintext_auth is also ignored for # these networks. Typically you'd specify your IMAP proxy servers here. #login_trusted_networks =
On Tue, Nov 10, 2009 at 19:44, Timo Sirainen tss@iki.fi wrote:
On Tue, 2009-11-10 at 17:41 -0300, Mariano Absatz wrote:
Is there any way to allow plaintext_auth only for a small set of IP addresses (for what I see in the comment, this is automatic for local addresses, alas, the webmail client is on another host).
# Space separated list of trusted network ranges. Connections from these # IPs are allowed to override their IP addresses and ports (for logging and # for authentication checks). disable_plaintext_auth is also ignored for # these networks. Typically you'd specify your IMAP proxy servers here. #login_trusted_networks = It seems my version is too old for this... I'm using the standard ubuntu server package (1.1.11-0ubuntu4.1 http://packages.ubuntu.com/jaunty-updates/dovecot-imapd), which seems to be 1.1.11 plus security patches...
In what version did this feature appears?
-- Mariano Absatz - El Baby www.clueless.com.ar
On Wed, 2009-11-11 at 02:16 -0300, Mariano Absatz wrote:
#login_trusted_networks = It seems my version is too old for this... I'm using the standard ubuntu server package (1.1.11-0ubuntu4.1 http://packages.ubuntu.com/jaunty-updates/dovecot-imapd), which seems to be 1.1.11 plus security patches...
In what version did this feature appears?
Looks like it's only in v1.2.
participants (2)
-
Mariano Absatz
-
Timo Sirainen