[Dovecot] CRAM-MD5 authentication but plain-md5 password storage.
Pascal Volk
user+dovecot at localhost.localdomain.org
Mon Jun 22 22:00:23 EEST 2009
On 06/22/2009 08:49 PM Richard wrote:
> Pascal, thanks for the quick reply. I'm using postfixadmin for user
> administration so I guess plaintext passwords is the current solution.
>
> Excuse my newbie question but I want to try and understand this. What
> is the reason to have to use plaintext passwords for this kind of
> authentication?
When storing passwords in plain text, Dovecot could generate the hashes
'on the fly' (when a user logs in and want to use for example CRAM-MD5,
instead of PLAIN or LOGIN).
But a user can also use the PLAIN or LOGIN mechanism even when the
password is stored as CRAM-MD5 hash.
BUT: A user cannot login using DIGEST-MD5 if the password is stored as
CRAM-MD5 hash. In this case the password should be stored as DIGEST-MD5
hash (or as plain text (not recommended!))
Further information is available at:
http://wiki.dovecot.org/Authentication/Mechanisms
Regards;
Pascal
--
The trapper recommends today: c01dcofe.0917320 at localdomain.org
More information about the dovecot
mailing list