[Dovecot] selective disable_plaintext_auth
Hi,
I've been using dovecot for some time now, always with the setting:
disable_plaintext_auth = yes
so that no user can accidentally expose their username/password in the open.
However, I'm now trying to configure a webmail client in a nearby server which doesn't support TLS or SSL IMAP connections :-(
Is there any way to allow plaintext_auth only for a small set of IP addresses (for what I see in the comment, this is automatic for local addresses, alas, the webmail client is on another host).
TIA
-- Mariano Absatz - "El Baby" el.baby@gmail.com www.clueless.com.ar
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- Theory is when you know something but it doesn't work.
- Practice is when something works but you don't know why.
Usually we combine theory and practice: Nothing works and we don't know why.
- TagZilla 0.066 * http://tagzilla.mozdev.org
On Tue, 2009-11-10 at 17:41 -0300, Mariano Absatz wrote:
Is there any way to allow plaintext_auth only for a small set of IP addresses (for what I see in the comment, this is automatic for local addresses, alas, the webmail client is on another host).
Space separated list of trusted network ranges. Connections from these
IPs are allowed to override their IP addresses and ports (for logging and
for authentication checks). disable_plaintext_auth is also ignored for
these networks. Typically you'd specify your IMAP proxy servers here.
#login_trusted_networks =
On Tue, Nov 10, 2009 at 19:44, Timo Sirainen <tss@iki.fi> wrote:
On Tue, 2009-11-10 at 17:41 -0300, Mariano Absatz wrote:
Is there any way to allow plaintext_auth only for a small set of IP addresses (for what I see in the comment, this is automatic for local addresses, alas, the webmail client is on another host).
Space separated list of trusted network ranges. Connections from these
IPs are allowed to override their IP addresses and ports (for logging and
for authentication checks). disable_plaintext_auth is also ignored for
these networks. Typically you'd specify your IMAP proxy servers here.
#login_trusted_networks = It seems my version is too old for this... I'm using the standard ubuntu server package (1.1.11-0ubuntu4.1 http://packages.ubuntu.com/jaunty-updates/dovecot-imapd), which seems to be 1.1.11 plus security patches...
In what version did this feature appears?
-- Mariano Absatz - El Baby www.clueless.com.ar
On Wed, 2009-11-11 at 02:16 -0300, Mariano Absatz wrote:
#login_trusted_networks = It seems my version is too old for this... I'm using the standard ubuntu server package (1.1.11-0ubuntu4.1 http://packages.ubuntu.com/jaunty-updates/dovecot-imapd), which seems to be 1.1.11 plus security patches...
In what version did this feature appears?
Looks like it's only in v1.2.
participants (2)
-
Mariano Absatz
-
Timo Sirainen