Hello, I want to allow plaintext auth only for SquirrelMail (running on the Cyrus IMAPd server), and require encrypted authentication over all physical network connections. I see several options governing plaintext auth in the documentation for imap.conf: > allowplaintext: 1 > Allow the use of cleartext passwords on the wire. > plaintextloginpause: 0 > Number of seconds to pause after a successful plaintext login. For systems that support strong authentication, this permits users to perceive a cost of using plaintext passwords. (This does not affect the use of PLAIN in SASL authentications.) > plaintextloginalert: <none> > Message to send to client after a successful plaintext login. In addition, my Invoca 2.3.7 RPM includes: > allowplainwithouttls: 0 > Allow plain login mechanism without an encrypted connection. So I'm left wondering: a) if there is a way to do this that I'm not getting (perhaps "on the wire" is more subtle than my simplistic reading), and b) if not, what's the best way to request/suggest this as an enhancement. Should I just open a bug in Bugzilla, or is there a better way? Thanks, Chris Pepper -- Chris Pepper: <http://www.reppep.com/~pepper/> <http://www.extrapepperoni.com/> The Rockefeller University: <http://www.rockefeller.edu/> ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
