On Wed, 2007-06-27 at 07:50 -0600, Ben Schumacher wrote:
This somewhat conflicts with dovecot's authentication system, which expects to have all the necessary authentication information internally and is not design (not willing?) to trust a checkpassword-style authentication mechanism to peform CRAM-MD5 authentication and therefore only offers PLAIN as an option to clients.
Internally Dovecot supports two methods:
- verify plaintext password
- lookup password in requested format
Checkpassword API doesn't fit into either of these. I could kludge a Dovecot-specific support for 2, but supporting an external "verify non-plaintext password" API would require changing the internal APIs in some way.
Also I don't think there's a standard way to tell the checkpassword script which auth method is being used? Are they all just hardcoded to one specific method or do other servers pass the method in environment or timestamp or something?