Hi Folks- I'm using Cyrus IMAPd v2.2.12.
I'd like to allow clients to authenticate using the plaintext mechanism, but only if those connections are secured with TLS. Is there a way to do so? I have the following settings in imapd.conf: sasl_minimum_layer: 56 allowplaintext: yes But I can still connect to the server with unencrypted connections and do plaintext authentication. According to man imapd.conf: sasl_minimum_layer: 0 The minimum SSF that the server will allow a client to negotiate. A value of 1 requires integrity protection; any higher value requires some amount of encryption. Before using the sasl_minimum_layer parameter at all, the server was allowing plaintext logins that were encrypted with TLS and those that were not. I figured that by setting this parameter to 2, I would accomplish my goal of allowing plaintext logins but only if encrypted with TLS and denying unencrypted plaintext logins. When the setting of 2 failed, I tried 56, but it too allows unencrypted plaintext authentication. Is this a bug or am I missing something? TIA. -Kevin ---- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
