auth_allow_cleartext = yes no longer exists

Question

auth_allow_cleartext = yes no longer exists

Closed this issue 7 months ago · 2 comments

https://doc.dovecot.org/configuration_manual/basic_configuration/

Under "Plaintext Authentication" there is the section

"To allow any Authentication without SSL, disable SSL in the conf.d/10-ssl.conf file. This has to be done because Dovecot (now) uses SSL as default. You probably want to switch this back to “yes” or other options afterward.

ssl = no

Until SSL is configured, allow plaintext authentication in the conf.d/10-auth.conf file. You probably want to switch this back to “yes” afterward.

auth_allow_cleartext = yes

If you didn’t use the temporary passwd-file created above, don’t do this if you don’t want your password to be sent in clear to network. Instead get SSL configuration working and connect to Dovecot only using SSL."

When I look at /etc/dovecot/conf.d/10-auth.conf I see

"  GNU nano 7.2                   10-auth.conf                             ##
## Authentication processes
##

# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the# connection is considered secure and plaintext authentication is allowed.# See also ssl=required setting.
#disable_plaintext_auth = yes"

I assume this is what that section in the documentation is referring to.
In case it matters, this was installed on apline 3.19 using apk add dovecot dovecot 2.3.21

Answer 1 · 2024-01-30T21:36:17.000Z

auth_allow_cleartext is new in Pro 3.0/CE 2.4:

https://doc.dovecot.org/3.0/settings/core/#core_setting-auth_allow_cleartext

It looks like the portion quoted above got backported to the older 2.3 documentation by mistake. A MR to remove it from 2.3 documentation only would be great.

Answer 2 · 2024-04-08T12:47:08.000Z

I can't see this in 2.3

$ git grep auth_allow_cleartext
$