Hi,
Due to compatibility issues with mail clients, I think I have to use plain text authentication. In order to secure the passwords during their transport I'll use SSL encryption.
After reading some documentation I think that I'll have to store the passwords as plain text in the authdb. That is something I dislike very much, as it is a (imho) good tradition for Unix to store only encrypted passwords for security reasons.
I would like to see the possibility in Dovecot to store the passwords for plain text authentication MD5 encrypted. That should be easy to implement (just one MD5 encryption before comparing the given password with the stored one) and could improve security. As this would be an API change, it should be made configurable (and in the first versions this setting should default to the actual behavior).
How do you like this idea? Maybe I can provide a patch, but I won't work on this if you won't include it within Dovecot at all.
And last but not least I want to thank you for your great support! I really appreciate it! :-)
-- Felix
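
The check proposed in the message above, written out as an added example that is not part of the original mail and is not Dovecot's code: the server hashes the password it receives over the SSL-protected plain-text login and compares the result with the stored entry. It goes one step beyond the mail by adding a salted SHA-256 variant next to the unsalted MD5 one. The `{SCHEME}` prefix, the scheme labels, the function names and the salt length are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import os

SALT_LEN = 8  # salt size chosen for this sketch


def make_entry(password, scheme="SSHA256"):
    """Build the string stored in the auth database instead of the cleartext."""
    pw = password.encode("utf-8")
    if scheme == "PLAIN-MD5":  # the unsalted MD5 variant proposed in the mail
        return "{PLAIN-MD5}" + hashlib.md5(pw).hexdigest()
    if scheme == "SSHA256":  # salted: equal passwords give different entries
        salt = os.urandom(SALT_LEN)
        digest = hashlib.sha256(pw + salt).digest()
        return "{SSHA256}" + base64.b64encode(digest + salt).decode("ascii")
    raise ValueError("unknown scheme: " + scheme)


def verify(submitted, stored):
    """Check a password received via plain-text auth against a stored entry."""
    if not stored.startswith("{") or "}" not in stored:
        return False  # malformed entry: fail closed
    scheme, _, value = stored[1:].partition("}")
    pw = submitted.encode("utf-8")
    if scheme == "PLAIN-MD5":
        computed = hashlib.md5(pw).hexdigest().encode("ascii")
        return hmac.compare_digest(computed, value.lower().encode("utf-8"))
    if scheme == "SSHA256":
        try:
            raw = base64.b64decode(value, validate=True)
        except ValueError:
            return False
        digest, salt = raw[:32], raw[32:]  # SHA-256 output is 32 bytes
        if not salt:
            return False
        computed = hashlib.sha256(pw + salt).digest()
        return hmac.compare_digest(computed, digest)
    return False  # unknown scheme: fail closed


if __name__ == "__main__":
    for scheme in ("PLAIN-MD5", "SSHA256"):
        entry = make_entry("constructed-sample-pw", scheme)
        print(entry, verify("constructed-sample-pw", entry), verify("wrong", entry))
```

With the unsalted variant, two accounts that share a password get identical stored entries; the salted variant avoids that while the login check stays a single hash and compare.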