Although you can prevent modern clients from sending a plaintext password for all users, there is no way that you can prevent it for some and not for others. The only thing that you can do is disallow access to certain users -- after they have already sent their password in the clear.
The easiest routine to modify if you want to disable a user is routine pw_login() in env_unix.c. But, as noted above, although this will deny service it will not prevent the disclosure of the user's password. The default configuration of UW imapd does not allow any form of plaintext password authentication unless SSL or TLS encryption is in effect. -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate.
