27 Jun
2007
27 Jun
'07
8:31 a.m.
Ben Schumacher wrote:
I would like to see this, too. After digging through the code some, it seems that the major sticking point is that dovecot would prefer to do the CRAM-MD5 internally and therefore expects to have access to the password in plaintext and doesn't pass the timestamp on to checkpassword...
There is no way to use CRAM-MD5 without having the password stored in plaintext locally; it is a design "feature" since the hash is calculated using a different server key every time.
vpopmail can store the password in plain-text.