--- cyrus-imapd-2.2.6/man/imapd.8.plaintext 2002-10-03 21:02:41.000000000 +0200 +++ cyrus-imapd-2.2.6/man/imapd.8 2004-06-23 15:20:41.000000000 +0200 @@ -64,6 +64,9 @@ .B \-s ] [ +.B \-t +] +[ .B \-p .I ssf ] @@ -137,6 +140,11 @@ .I imapd is encrypted using the Secure Sockets Layer. .TP +.BI \-t +Do not allow the use of cleartext passwords on the wire. Equivalent to setting +.I allowplaintext: no +in the configuration file. +.TP .BI \-p " ssf" Tell .I imapd --- cyrus-imapd-2.2.6/man/pop3d.8.plaintext 2002-10-03 21:02:41.000000000 +0200 +++ cyrus-imapd-2.2.6/man/pop3d.8 2004-06-23 15:20:41.000000000 +0200 @@ -64,6 +64,9 @@ .B \-s ] [ +.B \-t +] +[ .B \-k ] .SH DESCRIPTION @@ -114,6 +117,11 @@ .I pop3d is encrypted using the Secure Sockets Layer. .TP +.BI \-t +Do not allow the use of cleartext passwords on the wire. Equivalent to setting +.I allowplaintext: no +in the configuration file. +.TP .B \-k Serve MIT's KPOP (Kerberized POP) protocol instead. .SH FILES --- cyrus-imapd-2.2.6/imap/imapd.c.plaintext 2004-06-23 15:20:41.000000000 +0200 +++ cyrus-imapd-2.2.6/imap/imapd.c 2004-06-23 15:23:32.000000000 +0200 @@ -105,6 +105,7 @@ static char shutdownfilename[1024]; static int imaps = 0; static sasl_ssf_t extprops_ssf = 0; +static int imapd_allow_plaintext = 0; /* per-user/session state */ struct protstream *imapd_out = NULL; @@ -550,7 +551,10 @@ snmp_connect(); /* ignore return code */ snmp_set_str(SERVER_NAME_VERSION,CYRUS_VERSION); - while ((opt = getopt(argc, argv, "sp:")) != EOF) { + /* set defaults for allowplaintext */ + imapd_allow_plaintext=config_getswitch(IMAPOPT_ALLOWPLAINTEXT); + + while ((opt = getopt(argc, argv, "stp:")) != EOF) { switch (opt) { case 's': /* imaps (do starttls right away) */ imaps = 1; @@ -563,6 +567,9 @@ case 'p': /* external protection */ extprops_ssf = atoi(optarg); break; + case 't': /* allowplaintext: no */ + imapd_allow_plaintext=0; + break; default: break; } 
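Review bot: The new file-scope flag `imapd_allow_plaintext` in the imapd.c hunk at -105 has no comment saying what a non-zero value means or where it is assigned. A comment above it such as `/* non-zero: cleartext LOGIN permitted before STARTTLS; seeded from allowplaintext, cleared by -t */` would make the polarity explicit, and `popd_allow_plaintext` in pop3d.c needs the same. The initialiser 0 is the restrictive value, which is the safe choice should the flag ever be read before the getopt block assigns it.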
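Review bot: The man page calls `-t` equivalent to `allowplaintext: no`, but the imapd.c hunk at -550 only seeds a private copy of the option, and the patch redirects just the LOGIN check and the LOGINDISABLED capability to it. Any other reader of `config_getswitch(IMAPOPT_ALLOWPLAINTEXT)` outside these hunks would still follow the configuration file; that presumably includes the code that builds the SASL security properties and decides whether `SASL_SEC_NOPLAINTEXT` is set. If so, AUTHENTICATE with a plaintext mechanism could stay available on an unencrypted connection even with `-t`. Search the tree for remaining uses and route them through the new flag, or narrow the man page wording to "disables the LOGIN command". The pop3d.c hunk at -308 has the same pattern, and the enclosing function starts and ends outside the hunk.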
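Review bot: In the imapd.c hunk at -563 an unrecognised option still falls through to `default: break;`, so a mistyped hardening flag is silently dropped. The daemon then starts with whatever `allowplaintext` says in the configuration file. pop3d.c calls `usage()` at the same position, which fails closed. Now that a security-relevant switch lives in this option string, imapd should at least record the problem, for example `default: syslog(LOG_ERR, "unknown option -%c", optopt); break;`, or exit as pop3d does. The switch statement begins outside the hunk.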
@@ -1737,7 +1744,7 @@ /* possibly disallow login */ if ((imapd_starttls_done == 0) && - (config_getswitch(IMAPOPT_ALLOWPLAINTEXT) == 0) && + (imapd_allow_plaintext == 0) && !is_userid_anonymous(canon_user)) { eatline(imapd_in, ' '); prot_printf(imapd_out, "%s NO Login only available under a layer\r\n", @@ -2268,7 +2275,7 @@ prot_printf(imapd_out, " STARTTLS"); } if (imapd_authstate || - (!imapd_starttls_done && !config_getswitch(IMAPOPT_ALLOWPLAINTEXT))) { + (!imapd_starttls_done && !imapd_allow_plaintext)) { prot_printf(imapd_out, " LOGINDISABLED"); } --- cyrus-imapd-2.2.6/imap/pop3d.c.plaintext 2004-06-23 15:20:41.000000000 +0200 +++ cyrus-imapd-2.2.6/imap/pop3d.c 2004-06-23 15:20:41.000000000 +0200 @@ -125,6 +125,7 @@ static int pop3s = 0; int popd_starttls_done = 0; +static int popd_allow_plaintext = 0; static struct mailbox mboxstruct; @@ -308,7 +309,10 @@ fatal(error_message(r), EC_CONFIG); } - while ((opt = getopt(argc, argv, "sk")) != EOF) { + /* set defaults for allowplaintext */ + popd_allow_plaintext=config_getswitch(IMAPOPT_ALLOWPLAINTEXT); + + while ((opt = getopt(argc, argv, "skt")) != EOF) { switch(opt) { case 's': /* pop3s (do starttls right away) */ pop3s = 1; @@ -322,6 +326,9 @@ case 'k': kflag++; break; + case 't': /* allowplaintext: no */ + popd_allow_plaintext=0; + break; default: usage(); } @@ -1051,7 +1058,7 @@ /* possibly disallow USER */ if (!(kflag || popd_starttls_done || - config_getswitch(IMAPOPT_ALLOWPLAINTEXT))) { + popd_allow_plaintext)) { prot_printf(popd_out, "-ERR [AUTH] USER command only available under a layer\r\n"); return; @@ -1190,7 +1197,7 @@ if (!popd_mailbox && !backend && (kflag || popd_starttls_done - || config_getswitch(IMAPOPT_ALLOWPLAINTEXT))) { + || popd_allow_plaintext)) { prot_printf(popd_out, "USER\r\n"); }
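Review bot: In the pop3d.c hunk at -1051 the `kflag` term in `!(kflag || popd_starttls_done || popd_allow_plaintext)` still short-circuits the check, so `-t` has no effect on USER when the daemon is also started with `-k`. If that is intended because KPOP does not rely on a cleartext password, say so next to the condition, e.g. `/* -k (KPOP) takes precedence over -t: USER is always accepted */`, and in the `-t` entry of pop3d.8. The capability hunk at -1190 has the same precedence and should carry the same remark. The enclosing function starts outside the hunk.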