[Dovecot] Plaintext Authentication from Localhost
Paul C. Bryan
email at pbryan.net
Tue Oct 7 11:08:46 EEST 2003
Hi:
It appears that at least at one time, Dovecot supported plaintext
authentication from localhost, even if disable_plaintext_auth = yes. To wit,
the example configuration file reads:
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and
# IPv6 ::1 addresses are considered secure, this setting has no effect if
# you connect from those addresses.
#disable_plaintext_auth = yes
On brief inspection of the code, there doesn't seem to be any such support.
This is corroborated by the fact that 0.99.10 (Debian package) behaves by
disallowing plaintext authentication via connections on localhost.
This is a particularly useful feature, as local webmail clients can safely
authenticate via the local interface without requiring secure authentication.
So, the question is, is Dovecot supposed to support plaintext auth via
localhost even if disallowed in dovecot.conf? If so, any suggestions as to
what I may be doing wrong?
Yours truly,
Paul C. Bryan
email at pbryan.net
More information about the dovecot
mailing list