20 Jan
2009
20 Jan
'09
10:42 p.m.
Timo Sirainen:
If the password is the same in both cases, you can simply use a single CRAM-MD5 scheme. Dovecot can do plaintext authentication against all schemes just fine.
Actually I happen not to understand the above :-( I thought PLAIN is a plaintext schema while CRAM-MD5 is non-plaintext schema and it's impossible to have the same password in mixed schemas stored in one database used for different authentication mechanisms (i.e. PLAIN and CRAM-MD5). Moreover there is no fallback using mechanism other than PLAIN. What am I missing here?
Yes, the password is the same in both cases, but it is stored twice: as a MD5 hash and as a CRAM-MD5 hash.
Best regards,
MU