From: Ken Murchison (no email)
Date: Tue Apr 04 2006 - 10:56:48 EDT
Kjetil Torgrim Homme wrote:
> On Mon, 2006-04-03 at 09:48 -0500, Richard Wohlstadter wrote:
>> Nikola Milutinovic wrote:
>>> I have set this option to "no". When I setup my client (Thunderbird) to use TLS
>>> and PLAIN, it says "Server refused... blah, blah". When I set it to use SSL and
>>> PLAIN, I can login.
>> We use Thunderbird 1.5 and it does not work(bug) with regards to TLS and
>> connecting to Cyrus so we currently use SSL as well. I just tested the
>> latest build of Thunderbird (Version 3 Alpha 1) and the TLS to cyrus
>> works fine. Looks like you need to wait for the next stable release of
>> Thunderbird or use the alpha.
>
> I'd just like to confirm that Thunderbird 1.5 is broken. we refuse
> logins until after STARTTLS, but Thunderbird considers that the
> capability "LOGINDISABLED" means "login is disabled", not "the protocol
> command LOGIN is disabled", so it will pop up a message about the server
> not currently accepting logins and refuse to work.
>
> if we remove LOGINDISABLED from the capability response, it will happily
> try to authenticate _before_ STARTTLS, thereby sending the password in
> the clear... it's amazing they could break IMAP this badly.
Hmm. I'm running Thunderbird on my local dev box (Cyrus 2.3 CVS) with
allowplaintext:0 and its behaves just fine.
-- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University ---- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
|
|
|