Magnus Holmgren
2005-Jan-25 17:37 UTC
[Dovecot] disable_plaintext_auth, inetd, localhost, IPv6, and mapped addresses
Dovecot 0.99.13. I've noticed that the condition client->secured = ssl || (IPADDR_IS_V4(ip) && strncmp(addr, "127.", 4) == 0) || (IPADDR_IS_V6(ip) && strcmp(addr, "::1") == 0); (in (imap-login|pop3-login)/client.c) isn't enough, at least not when running from inetd. The thing is that you will come across ::ffff:127.0.0.1, which is secure, but not covered by the above. I thought I saw someting on this earlier, but in that case I cant't find it now. Cheers, Magnus Holmgren holmgren at lysator.liu.se
Villalovos, John L
2005-Jan-26 01:02 UTC
[Dovecot] disable_plaintext_auth, inetd, localhost, IPv6, and mapped addresses
dovecot-bounces at dovecot.org wrote:> Dovecot 0.99.13. > > I've noticed that the condition > > client->secured = ssl || > (IPADDR_IS_V4(ip) && strncmp(addr, "127.", 4) == 0) || > (IPADDR_IS_V6(ip) && strcmp(addr, "::1") == 0); > > (in (imap-login|pop3-login)/client.c) isn't enough, at least not when > running from inetd. The thing is that you will come across >>> ffff:127.0.0.1, which is secure, but not covered by the above. > > I thought I saw someting on this earlier, but in that case I > cant't find > it now.Yes I mentioned something about it in a message titled, "RE: [Dovecot] Plaintext Authentication from Localhost" On 19-Jan-2005. Seems to be a bug. At least it didn't work quite right for me. John