Hi,
I'm just in the middle of setting up dovecot to serve IMAPS -- Actually I've finished apart from one thing: CRAM-MD5 passwords.
I'm using SQL as a backend for the password storage, and I don't want to store the passwords in plaintext. I've also configured dovecot to be rather restrictive when it comes to authentication methods (only CRAM-MD5 is allowed).
To generate the passwords to go into the database I can use the dovecotpw utility, but I'm wanting to stick some sort of minimal admin interface on the server to be able to manage the users etc without having to use the CLI.
I've looked at the theoretical explanation of the hashing algorithm, and I've read through the source code that dovecotpw uses to generate the passwords with the intent of creating a higher level language library (Perl, Ruby, PHP ... whatever)) to generate passwords, but I don't seem to be able to replicate the functionality, and there don't seem to be any existing libraries that generate consistent results (that I've found).
I don't have that much experience with C, and so I'm sure that I must have misunderstood how dovecotpw does its stuff. Perhaps someone could explain how the algorithm works? Or point me in the right direction?
Thanks, Douglas Willcocks