Odhiambo WASHINGTON wrote:
I have a setup where I have both the cleartext password and encrypted (md5 hash) password in a mysql database. In this situation it would be possible to use digest-md5, yes?
Yeah, except that DIGEST-MD5 is much less well supported than CRAM-MD5, so I would have both enabled, or just CRAM-MD5.
But this would mean that any user not using secure authentication will fail to authenticate, or is it possible to configure dovecot to start with a secure auth mechanism, but fall back to some non-secure mechanism in case the default one fails (although it's stupid to do this)?
Most clients [that I'm aware of] will try to use a stronger authentication method before trying to use a weaker one. If you want to support CRAM-MD5 and PLAIN, you will have to decide whether you want to force users to connect to IMAPS (to protect the plaintext password). Then you can permit both methods, and the client will choose one from the list that the server advertises (as I said, most will choose CRAM-MD5 then PLAIN).
Personally, I only support CRAM-MD5, but I do support IMAP and IMAPS (I also support CRAM-MD5 for outbound mail on SMTP/TLS/SMTPS)...
John
--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard Suite H
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5748
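An added example, not part of the thread and not Dovecot code: the CRAM-MD5 exchange John describes (RFC 2195), with both the server's challenge and the client's HMAC-MD5 response worked through, next to the PLAIN encoding (RFC 4616) so the difference in what crosses the wire is visible. It also shows why the cleartext password column in Odhiambo's database matters: the server can only verify a CRAM-MD5 response if it holds the cleartext password (or an HMAC-derived intermediate), whereas a bare MD5 hash of the password is not enough. The user names, passwords and the password lookup dictionary are constructed for the demo.

```python
import base64
import hashlib
import hmac
import os

# Constructed credential store for the demo. CRAM-MD5 verification needs the
# cleartext password (or a precomputed HMAC-MD5 inner/outer context); a plain
# md5(password) column cannot be used for it.
PASSWORD_DB = {
    "alice": "correct horse battery staple",
    "tim": "tanstaaftanstaaf",
}


def server_challenge() -> str:
    """RFC 2195: a fresh, unpredictable challenge per connection.

    The hostname is a constructed placeholder.
    """
    nonce = base64.b16encode(os.urandom(8)).decode()
    return f"<{nonce}@example.invalid>"


def cram_md5_digest(password: str, challenge: str) -> str:
    """HMAC-MD5 keyed with the password over the challenge, as lowercase hex."""
    return hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()


def client_response(user: str, password: str, challenge: str) -> str:
    """What the client sends back (before base64): '<user> <hex digest>'.

    The password itself never leaves the client.
    """
    return f"{user} {cram_md5_digest(password, challenge)}"


def to_wire(text: str) -> str:
    """Both challenge and response travel base64-encoded on the IMAP connection."""
    return base64.b64encode(text.encode()).decode()


def from_wire(line: str) -> str:
    return base64.b64decode(line).decode()


def server_verify(response: str, challenge: str, lookup) -> bool:
    """Recompute the digest from the stored cleartext password and compare in constant time."""
    try:
        user, digest = response.split(" ", 1)
    except ValueError:
        return False
    password = lookup(user)
    if password is None:
        return False
    expected = cram_md5_digest(password, challenge)
    return hmac.compare_digest(expected, digest)


def run_exchange(user: str, password: str, password_db=PASSWORD_DB, challenge=None) -> bool:
    """Full round trip: server challenge -> client response -> server verdict."""
    challenge = challenge or server_challenge()
    wire_challenge = to_wire(challenge)          # server -> client
    response = client_response(user, password, from_wire(wire_challenge))
    wire_response = to_wire(response)            # client -> server
    return server_verify(from_wire(wire_response), challenge, password_db.get)


def plain_line(user: str, password: str) -> str:
    """RFC 4616 PLAIN: base64 of '\\0user\\0password'. Anyone reading the
    connection recovers the password with one base64 decode, which is why
    PLAIN is only acceptable inside TLS (IMAPS / STARTTLS)."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()


def decode_plain(line: str) -> tuple:
    """What a passive observer of a non-TLS connection gets from a PLAIN login."""
    _authzid, user, password = base64.b64decode(line).decode().split("\0")
    return user, password


if __name__ == "__main__":
    ch = server_challenge()
    print("challenge:", ch)
    print("client sends:", client_response("alice", PASSWORD_DB["alice"], ch))
    print("accepted:", run_exchange("alice", PASSWORD_DB["alice"]))
    print("PLAIN on the wire:", plain_line("alice", PASSWORD_DB["alice"]))
    print("PLAIN decoded by an observer:", decode_plain(plain_line("alice", PASSWORD_DB["alice"])))
```

The CRAM-MD5 response only proves knowledge of the password for this one challenge; it is not reusable against a different challenge, which is what makes it tolerable on a non-TLS IMAP connection in a way PLAIN is not. The flip side, visible in `server_verify`, is that the server side must keep a cleartext-equivalent credential, which is the trade-off John's "only CRAM-MD5, but IMAP and IMAPS" setup accepts.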