cyrus-imapd/allow_auth_plain_proxying.patch

--- imap/imapd.c
+++ imap/imapd.c	2004/01/16 12:25:51
@@ -578,8 +578,11 @@
 	fatal("SASL failed initializing: sasl_server_new()", EC_TEMPFAIL);
     }
 
-    /* never allow plaintext, since IMAP has the LOGIN command */
-    secprops = mysasl_secprops(SASL_SEC_NOPLAINTEXT);
+    if( (config_getswitch(IMAPOPT_ALLOWPLAINWITHOUTTLS) == 0) ) {
+        secprops = mysasl_secprops(SASL_SEC_NOPLAINTEXT);
+    } else {
+        secprops = mysasl_secprops(0);
+    }
     sasl_setprop(imapd_saslconn, SASL_SEC_PROPS, secprops);
     sasl_setprop(imapd_saslconn, SASL_SSF_EXTERNAL, &extprops_ssf);
 
--- lib/imapoptions
+++ lib/imapoptions	2004/01/16 12:27:52
@@ -684,6 +684,9 @@
    to set this to yes, especially if OpenLDAP is used as authentication
    source. */
 
+{ "allowplainwithouttls", 0, SWITCH }
+/* Allow plain login mechanism without an encrypted connection. */
+
 /*
 .SH SEE ALSO
 .PP
bring up to Simon Matter's 2.3.1-2 version 2006-02-28 20:04:01 +00:00			`--- imap/imapd.c`
			`+++ imap/imapd.c 2004/01/16 12:25:51`
			`@@ -578,8 +578,11 @@`
			`fatal("SASL failed initializing: sasl_server_new()", EC_TEMPFAIL);`
			`}`

			`- /* never allow plaintext, since IMAP has the LOGIN command */`
			`- secprops = mysasl_secprops(SASL_SEC_NOPLAINTEXT);`
			`+ if( (config_getswitch(IMAPOPT_ALLOWPLAINWITHOUTTLS) == 0) ) {`
			`+ secprops = mysasl_secprops(SASL_SEC_NOPLAINTEXT);`
			`+ } else {`
			`+ secprops = mysasl_secprops(0);`
			`+ }`
			`sasl_setprop(imapd_saslconn, SASL_SEC_PROPS, secprops);`
			`sasl_setprop(imapd_saslconn, SASL_SSF_EXTERNAL, &extprops_ssf);`

			`--- lib/imapoptions`
			`+++ lib/imapoptions 2004/01/16 12:27:52`
			`@@ -684,6 +684,9 @@`
			`to set this to yes, especially if OpenLDAP is used as authentication`
			`source. */`

			`+{ "allowplainwithouttls", 0, SWITCH }`
			`+/* Allow plain login mechanism without an encrypted connection. */`
			`+`
			`/*`
			`.SH SEE ALSO`
			`.PP`