[Dovecot] APOP and CRAM-MD5 in checkpassword module
John Peacock
jpeacock at rowman.com
Mon Jun 25 23:16:02 EEST 2007
Ben Schumacher wrote:
> I would like to see this, too. After digging through the code some, it
> seems that the major sticking point is that dovecot would prefer to do
> the CRAM-MD5 internally and therefore expects to have access to the
> password in plaintext and doesn't pass the timestamp on to
> checkpassword...
There is no way to use CRAM-MD5 without having the password stored in
plaintext locally; it is a design "feature" since the hash is calculated
using a different server key every time.
HTH
John
--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5748
More information about the dovecot
mailing list