[horde] SOLVED Horde 5.0.4 IMP problems...
Michael M Slusarz
slusarz at horde.org
Wed Mar 6 03:10:12 UTC 2013
Quoting Michael Robinson <plug_1 at robinson-west.com>:
> Please don't expect people to magically know that they have to create a
> backend.local.php file under imp/config to be able to support plaintext
> authentication.
Patches/suggestions on how to improve are greatly appreciated.
> The expectation is that IMP's graphical configuration
> tool will take care of this, but it doesn't.
Where do you get this expectation from?
> I
> realize there is a desire to push people away from cleartext
> authentication, but for those of us who have to throw something together
> fast, cleartext authentication is preferable to TLS.
Except this statement is flat wrong. Read RFC 3501. IMAP servers
MUST offer STARTTLS (Section 6.1.1). IMAP servers SHOULD NOT ever
allow plaintext authentication (Section 6.2.3). So the default
configuration for IMP obviously has to be TLS because:
1) It's the only method GUARANTEED to be available, so it will work
out of the box on ANY IMAP server
2) We try not to ship software that's insecure by default
michael
___________________________________
Michael Slusarz [slusarz at horde.org]
More information about the horde
mailing list