[Dovecot] multiple passwords in different schemes

Timo Sirainen tss at iki.fi
Tue Jan 20 22:45:54 EET 2009


On Tue, 2009-01-20 at 21:42 +0100, Maciej Uhlig wrote:
> Timo Sirainen:
> > If the password is the same in both cases, you can simply use a single
> > CRAM-MD5 scheme. Dovecot can do plaintext authentication against all
> > schemes just fine.
> >   
> Actually I happen not to understand the above :-(  I thought PLAIN is a 
> plaintext schema while CRAM-MD5 is non-plaintext schema and it's 
> impossible to have the same password in mixed schemas stored in one 
> database used for different authentication mechanisms (i.e. PLAIN and 
> CRAM-MD5). Moreover there is no fallback using mechanism other than 
> PLAIN. What am I missing here?

Yes, it's not possible to store two different schemas. But the point is
that plaintext authentication (PLAIN or LOGIN auth mechanism) can verify
the password against ANY schema.

> Yes, the password is the same in both cases, but it is stored twice: as 
> an MD5 hash and as a CRAM-MD5 hash.

Just don't store the MD5 hash, it's unnecessary.
