On Mon, 16 Aug 2004, Mark Crispin wrote: >On Thu, 29 Jul 2004, ml wrote: >> Is there a way to disable all SASL based authentication when compiling >> imap-2004a? > >Sorry for the delay in answering. > >The general answer to your question is "no"; however, you can modify the >source code. > >Why do you want to disable SASL authention? USER/PASS is very insecure >and should not be used.
Mark, Thanks for the response. I trust that you have had a good vacation. I understand that USER/PASS is insecure. However, there are [broken] servers out there which advertise "USER" and "AUTH CRAM-MD5" but in fact support "USER" only! So, when my c-client enabled stuff doesn't work with such servers, users would complain since their e-mail clients (e.g. Outlook) would work. Is there a way to force pop3.c to fall back to USER/PASS when CRAM-MD5 fails? For now, I have hacked pop3.c to make it use USER/PASS only. Thanks. Cheers, N.
