[Dovecot] PATCH: CRAM-MD5 for Dovecot
Timo Sirainen
tss at iki.fi
Mon Nov 10 22:36:07 EET 2003
On Mon, 2003-11-10 at 17:29, Joshua Goodall wrote:
> Hi Timo,
>
> Mozilla 1.5 doesn't understand DIGEST-MD5; it only speaks CRAM-MD5 or
> PLAIN. Maybe other clients have the same problem. My users like
> Mozilla, so I wrote new code for Dovecot to speak CRAM-MD5, using
> your mech-digest-md5.c as a reference.
Thanks. I thought CRAM-MD5 required a plaintext password on the server side,
but it looks like you store them in some MD5 hash. That's good :)
> I don't know if I've caught precisely the coding style you use for
> Dovecot. I hope so, but I'm unsure if I've used your string and
> buffer libraries properly. Please enlighten me if you have time.
I did some cosmetic changes, but it was mostly ok. One real potential
problem was:

    auth->challenge = p_strdup(auth->pool, str_data(str));

str_data() doesn't guarantee the returned string to be NUL-terminated,
str_c() would be correct.
And I rather try to avoid using 64-bit integers, which you used there, so
I changed them to just print 16 random digits.
It'd be nice to add CRAM-MD5 support to password_verify() too so that
plaintext authentication could work with such passwords. But not that
important.
> Would you consider including this in the next release?
Committed to CVS, see if it still works after my changes? ;)
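
The str_data() / str_c() point above, as an added example that is not part of the original message and is not Dovecot's code: `struct buf`, `buf_data()`, `buf_c()` and `copy_len()` are hypothetical stand-ins for a string library with a raw accessor and a C-string accessor, and the stale bytes and the challenge string used with it are constructed. It shows how many bytes a strdup-style copy would take from each accessor when the buffer holds leftover data past its used length.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer modelling a string library with a raw-data
   accessor and a C-string accessor. Not Dovecot's implementation. */
struct buf { char *data; size_t used, cap; };

static struct buf *buf_new(size_t cap)
{
    struct buf *b = malloc(sizeof(*b));
    if (b == NULL || (b->data = malloc(cap + 1)) == NULL)
        abort();
    memset(b->data, 'X', cap); /* constructed stale bytes from earlier use */
    b->data[cap] = '\0';       /* guard byte: keeps this demo in bounds */
    b->used = 0;
    b->cap = cap;
    return b;
}

static void buf_append(struct buf *b, const char *s)
{
    size_t n = strlen(s);
    if (n > b->cap - b->used)
        n = b->cap - b->used;  /* this model truncates instead of growing */
    memcpy(b->data + b->used, s, n);
    b->used += n;
}

/* Raw accessor: only the first `used` bytes are meaningful, no terminator. */
static const char *buf_data(const struct buf *b) { return b->data; }

/* C-string accessor: writes the terminator before handing out the pointer. */
static const char *buf_c(struct buf *b)
{
    b->data[b->used] = '\0';
    return b->data;
}

/* Number of bytes a strdup-style copy (which stops at the first NUL) would
   take after `challenge` is appended to a reused 64-byte buffer. */
size_t copy_len(const char *challenge, int use_cstr)
{
    struct buf *b = buf_new(64);
    size_t n;

    buf_append(b, challenge);
    n = strlen(use_cstr ? buf_c(b) : buf_data(b));
    free(b->data);
    free(b);
    return n;
}
```

Without the guard byte that this model adds, the raw-accessor copy would keep reading past the allocation until it happened to meet a zero byte.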