25 Jun
2007
25 Jun
'07
11:16 p.m.
Ben Schumacher wrote:
I would like to see this, too. After digging through the code some, it seems that the major sticking point is that dovecot would prefer to do the CRAM-MD5 internally and therefore expects to have access to the password in plaintext and doesn't pass the timestamp on to checkpassword...
There is no way to use CRAM-MD5 without having the password stored in plaintext locally; it is a design "feature" since the hash is calculated using a different server key every time.
HTH
John
-- John Peacock Director of Information Research and Technology Rowman & Littlefield Publishing Group 4501 Forbes Boulevard Suite H Lanham, MD 20706 301-459-3366 x.5010 fax 301-429-5748