Making POP3 Work with Plaintext Passwords

Note: this documentation is fairly old, and may be out-of-date. In any case, using plaintext passwords at all on an open network connection is probably ill-advised. I eventually came up with a better solution, but I'm leaving this around in case someone else needs to do it.

In the Debian sarge release, plaintext logins are disabled. This, of course, breaks any client connections which used to be working with Debian woody. The solution is to create a file /etc/c-client.cf and place these two lines into it: 

   I accept the risk
   set disable-plaintext 0

Here's a snippet out of the README.Debian file for the libc-client2002edebian Debian package: 

   By default, plaintext logins are disabled unless you are using SSL or TLS.
   This was done upstream to follow security recommendations by IETF (The    
   Internet Engineering Task Force).

   If you absolutely must use plaintext passwords, you will need to use the
   semi-official /etc/c-client.cf

   The upstream author gives dire warnings about using this functionality but it
   works and is pretty stable.  See /usr/share/doc/libc-client2002edebian/imaprc.txt.gz
   for further information.

If you read the "dire warnings" in imaprc.txt.gz, you'll see that you have to put the I accept the risk line at the top of the configuration file before it will accept any of the options.

POPPlaintext (last edited 2010-05-28 16:51:04 by KennethPronovici)