[Dovecot] multiple password schemes and sql?

Timo Sirainen tss at iki.fi
Thu Aug 28 07:48:50 EEST 2008


On Aug 28, 2008, at 6:05 AM, R A wrote:

> Just a thought though, as you have to store the password in the form
> {CRAM-MD5}xxxxxxxxx to actually get that and not the  
> default_pass_sheme
> would it not be better to have an 'extra' field that could override
> default_pass scheme
> if it existed instead?

The {scheme}pass works with all passdbs, some of which don't have the  
possibility of storing the scheme elsewhere. But of course this could  
be done for SQL and others where it's possible, would just require  
more code..

> That way it would also be possible to have plaintext passwords
> with {} in them and not have to sanitize that.

For that it's possible to:

a) Use password_noscheme field (requires default_pass_scheme to be  
PLAIN then)

b) Use the {plain} prefix - after that you're free to use { and }  
characters in the password.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20080828/2ca0697a/attachment.bin 


More information about the dovecot mailing list