Hello Dovecot community,
I have a backend database application that handles all system wide user authentication (from web to mail and more).
Passwords are not stored in plain text.
So I would like to support more than PLAIN. Perhaps at least CRAM-MD5 or DIGEST-MD5 for example.
Even though connections over TLS are encouraged (and even enforced). Some MUA and users still think its a better idea than PLAIN (even sent over an encrypted session). I have a vague memory of getting some warnings with thunderbird in regards to the use of PLAIN.
Of course the %w variable would have to include the challenge as well as the response. Or perhaps even a seperate variable for the challenge? Or course at the moment the %w variable is an empty string for anything other than PLAIN. This would make some users and MUAs happy (even though pointless over TLS - I agree).
Your thoughts would be appreciated.
Regards, Julian.
-- Not time for sigs!