On 29.9.2004, at 10:19, Andrew Bartlett wrote:
The problem is, despite some apparent initial hopes of the authors, PAM is effectively plaintext only these days, and what this is about is challenge-response NTLMSSP.
Projects like Cyrus-SASL are filling that gap a little, and I have a patch I've submitted to them, for the same thing.
BTW. sometimes after v1.0 I've thought about separating dovecot-auth into separate library so other servers could use it, similiar to Cyrus-SASL library. I'd be interested about getting at least Postfix to use it.
The biggest difference between Cyrus-SASL and Dovecot-SASL is that Cyrus-SASL is simply a library to use, while Dovecot-SASL is client/server making it much easier to use with chrooted/nonprivileged processes (Cyrus' saslauthd is plaintext-only AFAIK).