[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] SOLVED Plaintext passwords IMAP please!
Thank you so much Peter!
This worked. I thought it was unlike SuSE to leave a way out of this.
I grepped for "I accept the risk" in the package documentation - nothing.
Grepped for "disable-plaintext", found it in imaprc, which describes the
c-client.cf file... however very little detail given and it said that the
default is already 0! Some slightly improved documentation - e.g. a note in
the README.SuSE would be helpful here.
David Fetter - with regard to your comments, yes I agree that it's fine to
change defaults on packages. I was concerned that as a responsible IT
professional that has carefully weighed up the security implications I
couldn't undo this without recompiling the package. In our case we are a
small company and anyway clients are using Outlook Express connecting using
plain text/pop3 to our ISP anyway!
----- Original Message -----
From: "Peter Hinterseer" <iceman@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, January 14, 2004 4:07 PM
Subject: Re: [suse-security] Plaintext passwords IMAP please!
> -- snipped a lot of "I tried..." and "...didn't work" --
> > Really it's such a simple thing I want to do!
> > Can anyone help?
> This is really not so hard to solve. SuSE's imap-2002 package released
> 8.2 and 9.0 has to
> be explicitly enabled to accept plaintext passwords. Some file in the
> documentation mentions that. It also warns of the risks. But if all
> using this IMAP server are as you told us behind a firewall, this should
> It is easily done by creating a file '/etc/c-client.cf' with the following
> I accept the risk
> set disable-plaintext 0
> WIthout the '--' of course... ;-)
> Note the part about the risk, they must be really paranoid about those
> plaintext passwords.
> Have fun,
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here