Sam Varshavchik wrote:
> Ethan Weinstein writes:
>
>> Hello,
>>
>> Currently I have Courier-IMAP setup to fetch usernames and passwords
>> from mysql.  The passwords are stored plaintext in the db.  This allows
>> CRAM-MD5 auth to work, and it does nicely.  The only issue I have is
>> that LOGIN auth is still accepted, even though I don't advertise it as a
>> CAPABILITY.  Is there a way to disable LOGIN auth, while still using
>> Mysql and only use CRAM-MD5?  I find that some IMAP clients use LOGIN
>> regardless of the fact that only CRAM-MD5 is advertised, and I'd like to
>> put a stop to this.
>
>
> You need to use the big foam cluebat, in these cases.
>

The big foam cluebat.. Ok. Much thanks, I ask a question and get
insulted.  I've seen far stupider questions asked on the list.

The documentation makes no mention of this situation.  It only states
that if you use cleartext passwords with mysql/pgsql/ldap then CRAM-MD5
will be available.

I don't see why the server can't be configured to disallow LOGIN when a
strong method is offered.  Sure, mysql stores the passwords cleartext..
so why have the CRAM-MD5 routine in there in the first place if LOGIN
or PLAIN can't be disabled?  I chose mysql for this reason (I thought).

If I use CRAM-MD5 with userdb, LOGIN/PLAIN don't work.. and that makes
sense. So.. why use CRAM-MD5 with mysql if clients will choose the weak
method anyway?

Escape character is '^]'.
* OK Courier-IMAP ready. Copyright 1998-2003 Double Precision, Inc.  See
COPYING for distribution information.
1 capability
* CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT
THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 IDLE
1 OK CAPABILITY completed
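
An added example, not part of the original post and not Courier-IMAP code: a short Python check that reads a pasted CAPABILITY response like the one above (including the mail-wrapped continuation line) and reports which login paths it leaves open. In RFC 3501 the LOGIN command belongs to the base protocol rather than to the AUTH= list, and a server signals that it refuses it by advertising LOGINDISABLED; the function names are hypothetical.

```python
import re

# Capability response as pasted in the post above, including the mail-wrapped line.
SAMPLE = """\
1 capability
* CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT
THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 IDLE
1 OK CAPABILITY completed
"""

CLEARTEXT_SASL = {"PLAIN", "LOGIN"}  # SASL mechanisms that send the password itself


def parse_capabilities(transcript):
    """Return the upper-cased capability tokens from a pasted IMAP session."""
    tokens, collecting = [], False
    for line in transcript.splitlines():
        line = line.strip()
        if re.match(r"\*\s+CAPABILITY\b", line, re.I):
            tokens, collecting = line.split()[2:], True
        elif collecting and line and not re.match(
                r"(\*|\+|\S+\s+(OK|NO|BAD)\b)", line, re.I):
            tokens += line.split()  # continuation created by mail line wrapping
        else:
            collecting = False  # tagged/untagged response ends the list
    return [t.upper() for t in tokens]


def audit(caps):
    """Summarise which login paths this capability list leaves open to clients."""
    sasl = sorted(c[5:] for c in caps if c.startswith("AUTH="))
    return {
        "sasl_mechanisms": sasl,
        "cleartext_sasl": sorted(CLEARTEXT_SASL.intersection(sasl)),
        # RFC 3501: LOGIN is a base command, not an AUTH= mechanism; it stays
        # permitted to clients unless LOGINDISABLED is advertised.
        "login_command_permitted": "LOGINDISABLED" not in caps,
        "starttls_offered": "STARTTLS" in caps,
    }


if __name__ == "__main__":
    for key, value in audit(parse_capabilities(SAMPLE)).items():
        print(f"{key}: {value}")
```

For the response pasted above, the check reports CRAM-MD5 as the only SASL mechanism, no LOGINDISABLED and no STARTTLS.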



