[Dovecot] Plaintext Authentication from Localhost
Paul C. Bryan
email at pbryan.net
Thu Aug 26 08:18:48 EEST 2004
On October 7, 2003, I noted that the following was not actually implemented
in the released version of Dovecot:
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and
# IPv6 ::1 addresses are considered secure, this setting has no effect if
# you connect from those addresses.
#disable_plaintext_auth = yes
I was specifically referencing the nice feature that 127.* are considered
secure, and therefore not subject to the disable_plaintext_auth restriction.
This is nice for local services like webmail servers would not require SSL
to securely authenticate with the IMAP server.
Timo responded that it was only added a few weeks ago, and it was only in
the CVS version of Dovecot at that time.
I've noticed that the feature still hadn't made it into any release version,
but is still present in the CVS version. I'm just curious if there is any
possibility of it getting into a release version prior to 1.0?
Paul
More information about the dovecot
mailing list