On 06/22/2009 08:49 PM Richard wrote:
Pascal, thanks for the quick reply. I'm using postfixadmin for user administration so I guess plaintext passwords is the current solution.
Excuse my newbie question but I want to try and understand this. What is the reason to have to use plaintext passwords for this kind of authentication?
When storing passwords in plain text, Dovecot could generate the hashes 'on the fly' (when a user logs in and want to use for example CRAM-MD5, instead of PLAIN or LOGIN). But a user can also use the PLAIN or LOGIN mechanism even when the password is stored as CRAM-MD5 hash.
BUT: A user cannot login using DIGEST-MD5 if the password is stored as CRAM-MD5 hash. In this case the password should be stored as DIGEST-MD5 hash (or as plain text (not recommended!))
Further information is available at: http://wiki.dovecot.org/Authentication/Mechanisms
Regards; Pascal
The trapper recommends today: c01dcofe.0917320@localdomain.org