9 Jan
2009
9 Jan
'09
6:23 p.m.
On Wed, 2008-12-31 at 01:31 +0200, Timo Sirainen wrote:
- CRAM-MD5 and APOP request/response handler stealing is pretty
evil, especially with the duplicated structs. I'm sure there's a
better way, although probably requires larger changes.Maybe a new passdb_module_interface.verify_challenge_response() method
which is used if lookup_credentials=NULL. I know passdb checkpassword
could also support a similar feature.
I did some cleanup changes to v1.2 auth code that makes this slightly easier. Then I started also the rest of it but it was getting more complex than I thought initially, so I ended up just saving the non-working patch: http://dovecot.org/patches/1.2/auth-verify-response.diff
I think I'll release v1.2 without your patches. I had hoped v1.2.0 would have been released already and I don't really want to cause any more delays to it.