On Tue, 2009-01-20 at 21:42 +0100, Maciej Uhlig wrote:
Timo Sirainen:
If the password is the same in both cases, you can simply use a single CRAM-MD5 scheme. Dovecot can do plaintext authentication against all schemes just fine.
Actually I happen not to understand the above :-( I thought PLAIN is a plaintext schema while CRAM-MD5 is a non-plaintext schema and it's impossible to have the same password in mixed schemas stored in one database used for different authentication mechanisms (i.e. PLAIN and CRAM-MD5). Moreover there is no fallback using mechanism other than PLAIN. What am I missing here?
Yes, it's not possible to store two different schemas. But the point is that plaintext authentication (PLAIN or LOGIN auth mechanism) can verify the password against ANY schema.
Yes, the password is the same in both cases, but it is stored twice: as an MD5 hash and as a CRAM-MD5 hash.
Just don't store the MD5 hash, it's unnecessary.