Hi Ken, Hi David! > I think you have to set "allowplaintext: 1" in your imapd.conf
My apologies; i had that, I just forgot to mention. Also making some more experiments, I found that my problem is *not* that PLAIN is not enabled. The problem seems to be that it's not accounced in the CAPABILITY. It actually does work, even when it's not announced. But unfortunately, my client will not even try, but just says: No mechs available! In detail: I have in my imapd.conf: sasl_mech_list: PLAIN sasl_minimum_layer: 0 allowplaintext: 1 My capabilities string looks like this: S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE MUPDATE=mupdate://192.168.9.10/ S: C01 OK Completed Now I change one line sasl_mech_list: PLAIN LOGIN DIGEST-MD5 CRAM-MD5 and my capabilities string looks like this: S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE MUPDATE=mupdate://192.168.9.10/ AUTH=CRAM-MD5 AUTH=DIGEST-MD5 SASL-IR S: C01 OK Completed Is it a rule that AUTH=PLAIN and AUTH=LOGIN are never advertised even if they are enabled? Regards, Torsten -------- Original-Nachricht -------- > Datum: Mon, 21 Dec 2009 12:40:09 -0500 > Von: Ken Murchison <mu...@andrew.cmu.edu> > An: cyrus-devel@lists.andrew.cmu.edu > Betreff: Re: PLAIN authentication in Cyrus IMAPd > > > David G McMurtrie wrote: > > On Mon, 21 Dec 2009, Torsten Schlabach wrote: > > > >> Dear list! > >> > >> I am using Cyrus IMAPd 2.2.13 on Debian Lenny. I tried to configure my > >> IMAPd to allow PLAIN authentication, even over non-encrypted > >> connections. (This is a pure Intranet deployment and I understand the > >> risk.) > >> > >> Despite setting the appropriate options in imapd.conf, i.e.: > >> > >> sasl_mech_list: PLAIN > >> sasl_minimum_layer: 0 > >> > >> the server just refuses to announce PLAIN as an authentication > mechanism. > > > > I think you have to set "allowplaintext: 1" in your imapd.conf and also > > specify your imap service in cyrus.conf as cmd="imapd -p 2" to tell it > > there's an external security layer in place. > > The two methods that Dave mentions are mutually exclusive. Either one > by itself should work. The 'allowplaintext' option works across all > services. The '-p 2' option can be specified on a per-service basis, > perhaps on the imapd listening on a private network, while the public > network still requires PLAIN+TLS. > > -- > Kenneth Murchison > Systems Programmer > Carnegie Mellon University