Mixed Autehtnication and password schemes
Aki Tuomi
aki.tuomi at dovecot.fi
Fri Sep 1 14:32:14 EEST 2017
> On September 1, 2017 at 2:44 AM Raymond Sellars <Raymond.Sellars at orionhealth.com> wrote:
>
>
> Thanks
>
> -----Original Message-----
> From: Aki Tuomi [mailto:aki.tuomi at dovecot.fi]
> Sent: Friday, 1 September 2017 2:15 AM
> To: dovecot at dovecot.org; Raymond Sellars
> Subject: Re: Mixed Autehtnication and password schemes
>
>
> > The above not suggests I can't use DIGEST-MD5 with master password configuration, if using more than one passdb setup. I don't understand why there would be a restriction as the password validation should just fall through irrespective.
> >
>
> Because CRAM-MD5 is bothersome. Do you really need it? It's not really necessary with SSL.
>
> [Raymond] Unfortunately yes, part of the ONC 2015 Edition requirements. As you say its not really needed but more one of those tick the compliance boxes.
>
My condolences. Do they really require it for *master password* too, which makes little sense?
Aki
More information about the dovecot
mailing list