I have been running imapd on OS X for about a year using SSL (standard build). I would like to configure imapd to allow plaintext logins for clients from the localhost, but refuse plaintext otherwise. My motivation is that I want to provide a webmail client, but none of the clients that I've investigated (SquirrelMail, IlohaMail, etc.) support SSL. Since the http and mail server are on the same host and the web client is connecting via https, then IMAP/SSL is unnecessary anyway. Does anyone have a recommendation for such a configuration?
Second, assuming that I must allow plaintext, I attempted to build a working imapd with plaintext support. I did makes with both ssltype=unix and ssltype=none. In either case, AUTHENTICATE LOGIN fails. Again, authentication works fine for SSL (AUTHENTICATE PLAIN). I don't understand the difference between LOGIN and PLAIN authentication, but I couldn't find an explanation in rfc2222 (SASL) or rfc3501 (IMAP4).
I suspect that this might have something to do with pam, but I'm not sure where to turn.
Any advice would be most appreciated.
Thanks in advance, David
== mtest with SSLTYPE=none ==
./mtest
MTest -- C client test program
warning: this program uses gets(), which is unsafe.
Personal name:
Debug protocol (y/n)?y
Mailbox ('?' for help): {localhost/user=jsmith}inbox
[Trying IP address [127.0.0.1]]
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS AUTH=LOGIN] localhost IMAP4rev1 2003.347 at Thu, 30 Dec 2004 23:26:08 -0500 (EST)
00000000 AUTHENTICATE LOGIN
+ VXNlciBOYW1lAA==
{localhost/imap/user="jsmith"} password:
<suppressed>
+ UGFzc3dvcmQA
<suppressed>
00000000 NO AUTHENTICATE LOGIN failed
== mtest with default SSL ==
./mtest
MTest -- C client test program
warning: this program uses gets(), which is unsafe.
Personal name:
Debug protocol (y/n)?y
Mailbox ('?' for help): {localhost/user=jsmith/novalidate-cert}inbox
[Trying IP address [127.0.0.1]]
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS STARTTLS LOGINDISABLED] localhost IMAP4rev1 2003.347 at Thu, 30 Dec 2004 23:41:56 -0500 (EST)
00000000 STARTTLS
00000000 OK STARTTLS completed
00000001 CAPABILITY
* CAPABILITY IMAP4REV1 LITERAL+ IDLE NAMESPACE MAILBOX-REFERRALS BINARY UNSELECT SCAN SORT THREAD=REFERENCES THREAD=ORDEREDSUBJECT MULTIAPPEND SASL-IR LOGIN-REFERRALS AUTH=PLAIN AUTH=LOGIN
00000001 OK CAPABILITY completed
00000002 AUTHENTICATE PLAIN
+
{localhost/imap/user="jsmith"} password:
<suppressed>
00000002 OK [CAPABILITY IMAP4REV1 LITERAL+ IDLE NAMESPACE MAILBOX-REFERRALS BINARY UNSELECT SCAN SORT THREAD=REFERENCES THREAD=ORDEREDSUBJECT MULTIAPPEND] User jsmith authenticated
--
------------------------------------------------------------------
For information about this mailing list, and its archives, see: http://www.washington.edu/imap/c-client-list.html
------------------------------------------------------------------
