--- cyrus-imapd-2.2.6/man/imapd.8.plaintext 2002-10-03 21:02:41.000000000 +0200
+++ cyrus-imapd-2.2.6/man/imapd.8 2004-06-23 15:20:41.000000000 +0200
@@ -64,6 +64,9 @@
.B \-s
]
[
+.B \-t
+]
+[
.B \-p
.I ssf
]
@@ -137,6 +140,11 @@
.I imapd
is encrypted using the Secure Sockets Layer.
.TP
+.BI \-t
+Do not allow the use of cleartext passwords on the wire. Equivalent to setting
+.I allowplaintext: no
+in the configuration file.
+.TP
.BI \-p " ssf"
Tell
.I imapd
--- cyrus-imapd-2.2.6/man/pop3d.8.plaintext 2002-10-03 21:02:41.000000000 +0200
+++ cyrus-imapd-2.2.6/man/pop3d.8 2004-06-23 15:20:41.000000000 +0200
@@ -64,6 +64,9 @@
.B \-s
]
[
+.B \-t
+]
+[
.B \-k
]
.SH DESCRIPTION
@@ -114,6 +117,11 @@
.I pop3d
is encrypted using the Secure Sockets Layer.
.TP
+.BI \-t
+Do not allow the use of cleartext passwords on the wire. Equivalent to setting
+.I allowplaintext: no
+in the configuration file.
+.TP
.B \-k
Serve MIT's KPOP (Kerberized POP) protocol instead.
.SH FILES
--- cyrus-imapd-2.2.6/imap/imapd.c.plaintext 2004-06-23 15:20:41.000000000 +0200
+++ cyrus-imapd-2.2.6/imap/imapd.c 2004-06-23 15:23:32.000000000 +0200
@@ -105,6 +105,7 @@
static char shutdownfilename[1024];
static int imaps = 0;
static sasl_ssf_t extprops_ssf = 0;
+static int imapd_allow_plaintext = 0;
/* per-user/session state */
struct protstream *imapd_out = NULL;
@@ -550,7 +551,10 @@
snmp_connect(); /* ignore return code */
snmp_set_str(SERVER_NAME_VERSION,CYRUS_VERSION);
- while ((opt = getopt(argc, argv, "sp:")) != EOF) {
+ /* set defaults for allowplaintext */
+ imapd_allow_plaintext=config_getswitch(IMAPOPT_ALLOWPLAINTEXT);
+
+ while ((opt = getopt(argc, argv, "stp:")) != EOF) {
switch (opt) {
case 's': /* imaps (do starttls right away) */
imaps = 1;
@@ -563,6 +567,9 @@
case 'p': /* external protection */
extprops_ssf = atoi(optarg);
break;
+ case 't': /* allowplaintext: no */
+ imapd_allow_plaintext=0;
+ break;
default:
break;
}
@@ -1737,7 +1744,7 @@
/* possibly disallow login */
if ((imapd_starttls_done == 0) &&
- (config_getswitch(IMAPOPT_ALLOWPLAINTEXT) == 0) &&
+ (imapd_allow_plaintext == 0) &&
!is_userid_anonymous(canon_user)) {
eatline(imapd_in, ' ');
prot_printf(imapd_out, "%s NO Login only available under a layer\r\n",
@@ -2268,7 +2275,7 @@
prot_printf(imapd_out, " STARTTLS");
}
if (imapd_authstate ||
- (!imapd_starttls_done && !config_getswitch(IMAPOPT_ALLOWPLAINTEXT))) {
+ (!imapd_starttls_done && !imapd_allow_plaintext)) {
prot_printf(imapd_out, " LOGINDISABLED");
}
--- cyrus-imapd-2.2.6/imap/pop3d.c.plaintext 2004-06-23 15:20:41.000000000 +0200
+++ cyrus-imapd-2.2.6/imap/pop3d.c 2004-06-23 15:20:41.000000000 +0200
@@ -125,6 +125,7 @@
static int pop3s = 0;
int popd_starttls_done = 0;
+static int popd_allow_plaintext = 0;
static struct mailbox mboxstruct;
@@ -308,7 +309,10 @@
fatal(error_message(r), EC_CONFIG);
}
- while ((opt = getopt(argc, argv, "sk")) != EOF) {
+ /* set defaults for allowplaintext */
+ popd_allow_plaintext=config_getswitch(IMAPOPT_ALLOWPLAINTEXT);
+
+ while ((opt = getopt(argc, argv, "skt")) != EOF) {
switch(opt) {
case 's': /* pop3s (do starttls right away) */
pop3s = 1;
@@ -322,6 +326,9 @@
case 'k':
kflag++;
break;
+ case 't': /* allowplaintext: no */
+ popd_allow_plaintext=0;
+ break;
default:
usage();
}
@@ -1051,7 +1058,7 @@
/* possibly disallow USER */
if (!(kflag || popd_starttls_done ||
- config_getswitch(IMAPOPT_ALLOWPLAINTEXT))) {
+ popd_allow_plaintext)) {
prot_printf(popd_out,
"-ERR [AUTH] USER command only available under a layer\r\n");
return;
@@ -1190,7 +1197,7 @@
if (!popd_mailbox && !backend &&
(kflag || popd_starttls_done
- || config_getswitch(IMAPOPT_ALLOWPLAINTEXT))) {
+ || popd_allow_plaintext)) {
prot_printf(popd_out, "USER\r\n");
}
