Gary Mills wrote:
> Why does the server have so much control over these authentication
> mechanisms? It seems to me that the IMAP client, configured by the
> user, should be able to choose what level of security is appropriate.
> Wouldn't it be better if the server offered all authentication
> mechanisms, regardless of the type of connection?

I understand your point, but I disagree. Expecting your users to be security conscious, in most cases, is far beyond what is reasonable. Users expect the administrators and application programmers to have taken care of security for them.

> My problem is that I would like our Cyrus server to offer AUTH=PLAIN
> to make use of the proxy authentication for administrative purposes.
> Our internal servers are on a fully switched network, with no opportunity
> for packet sniffing. How can I get the Cyrus IMAP and sieve servers
> to offer AUTH=PLAIN to clients on the internal network? SSL should
> not be necessary for this.

If you are confident with your security, and it seems you are, you can use the -p option to set the protection level in SASL. -p 2 should be enough to enable AUTH=PLAIN.