cf58a5
--- imap/imapd.c
cf58a5
+++ imap/imapd.c	2004/01/16 12:25:51
cf58a5
@@ -578,8 +578,11 @@
cf58a5
 	fatal("SASL failed initializing: sasl_server_new()", EC_TEMPFAIL);
cf58a5
     }
cf58a5
 
cf58a5
-    /* never allow plaintext, since IMAP has the LOGIN command */
cf58a5
-    secprops = mysasl_secprops(SASL_SEC_NOPLAINTEXT);
cf58a5
+    if( (config_getswitch(IMAPOPT_ALLOWPLAINWITHOUTTLS) == 0) ) {
cf58a5
+        secprops = mysasl_secprops(SASL_SEC_NOPLAINTEXT);
cf58a5
+    } else {
cf58a5
+        secprops = mysasl_secprops(0);
cf58a5
+    }
cf58a5
     sasl_setprop(imapd_saslconn, SASL_SEC_PROPS, secprops);
cf58a5
     sasl_setprop(imapd_saslconn, SASL_SSF_EXTERNAL, &extprops_ssf);
cf58a5
 
cf58a5
--- lib/imapoptions
cf58a5
+++ lib/imapoptions	2004/01/16 12:27:52
cf58a5
@@ -684,6 +684,9 @@
cf58a5
    to set this to yes, especially if OpenLDAP is used as authentication
cf58a5
    source. */
cf58a5
 
cf58a5
+{ "allowplainwithouttls", 0, SWITCH }
cf58a5
+/* Allow plain login mechanism without an encrypted connection. */
cf58a5
+
cf58a5
 /*
cf58a5
 .SH SEE ALSO
cf58a5
 .PP