On Mon, 3 Apr 2006, Nikola Milutinovic wrote:
Hi all.
It looks like I've hit a minor bug in Cyrus. It has to do with "allowplaintext"
option.
I have set this option to "no". When I setup my client (Thunderbird) to use TLS
and PLAIN, it says "Server refused... blah, blah". When I set it to use SSL and
PLAIN, I can login.
From this I can only conclude that the server is not advertising AUTH=PLAIN if
the connection is over TLS, while it is advertizing it over SSL. I'd say this
is a bug, since TLS does/should provide SSF=256.
If I understand correctly, SSL is a SSL wrapper over the connection and it gets
established BEFORE IMAP connection is established. TLS, on the other hand, is
initiated within an established IMAP connection. I'd say TLS code is forgetting
to raise SSF to 256, upon successful establishing of encrypted communication.
Nix.
It works for us.
Have you tried imtest?
imtest -m PLAIN -t "" hostname
This should do a CAPABILITY call, AUTH=PLAIN won't be advertised, and then
it should to a STARTTLS and then another CAPABILITY call and AUTH=PLAIN
will now be advertised since the connection is secure.
-Partick
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
