I understand that USER/PASS is insecure. However, there are [broken] servers out there which advertise "USER" and "AUTH CRAM-MD5" but in fact support "USER" only! So, when my c-client enabled stuff doesn't work with such servers, users would complain since their e-mail clients (e.g. Outlook) would work.
If all you want to do is disable a particular SASL authenticator when it is broken on the server, then just do e.g.
mail_parameters (NIL,DISABLE_AUTHENTICATOR,"CRAM-MD5");
to disable CRAM-MD5.
This will still permit the use of other SASL authenticators. c-client will never use USER/PASS unless there are no suitable SASL authenticators.
You should never do this unilaterally; the user should be required to configure it. In particular, note that by default, modern versions of good POP3 servers disable the USER/PASS commands. So it is *NOT* a good idea to disable SASL and make a client use USER/PASS by default. In fact, it is a terrible idea.
-- Mark --
http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum.
