[Dovecot] Plaintext Authentication from Localhost

Paul C. Bryan email at pbryan.net
Tue Oct 7 02:08:46 EEST 2003


Hi:

It appears that at least at one time, Dovecot supported plaintext 
authentication from localhost, even if disable_plaintext_auth = yes. To wit, 
the example configuration file reads:

# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and
# IPv6 ::1 addresses are considered secure, this setting has no effect if
# you connect from those addresses.
#disable_plaintext_auth = yes

On brief inspection of the code, there doesn't seem to be any such support. 
This is corroborated by the fact that 0.99.10 (Debian package) behaves by 
disallowing plaintext authentication via connections on localhost.

This is a particularly useful feature, as local webmail clients can safely 
authenticate via the local interface without requiring secure authentication.

So, the question is, is Dovecot supposed to support plaintext auth via 
localhost even if disallowed in dovecot.conf? If so, any suggestions as to 
what I may be doing wrong?

Yours truly,

Paul C. Bryan
email at pbryan.net



More information about the dovecot mailing list