Jonathan Ballet wrote:
> - How can it work with nearly the same configuration, using passwd-like files instead of a pgsql database?
Actual passwd files use crypt, which includes the seed before the hashed value.
> Auth mechanism is set to 'cram-md5', and passwords in the passdb file are HMAC-MD5 encrypted passwords (or, if I am wrong somewhere, they are generated by 'dovecotpw -s HMAC-MD5' and start with {HMAC-MD5}).
I don't see how this can work. I checked the source code and it seems to assume that you have the plaintext password. I don't have the time to trace through the code path to be sure; I help write the AUTH support in a SMTP server, so AFAICT you must have both the plaintext password and the generated challenge in order to use CRAM-MD5.
> Is there any documentation referencing which password scheme could be used with an authentication mechanism? I thought it was in [1], but I might be wrong.
> So, what are my options to have encrypted authentication and encrypted passwords?
AIUI, you need to use PLAIN (authentication) over SSL (encrypted) in order to have an encrypted password on the server.
John
--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5748
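To make the point of the thread concrete, here is an added example (not from Dovecot and not posted by either participant) that walks through CRAM-MD5 as defined in RFC 2195: the client's response is HMAC-MD5 keyed with the plaintext password, so the server can only check it by recomputing the same HMAC from the same secret. The HMAC is written out by hand to show where the password enters; the challenge and credentials are the RFC 2195 sample values, and the crypt-style hash shown for contrast is a constructed placeholder.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # MD5 block size in bytes, used for HMAC key padding


def hmac_md5_manual(key: bytes, message: bytes) -> str:
    """HMAC-MD5 spelled out (RFC 2104) to show that the plaintext password is the key.
    Both the inner and outer MD5 contexts are derived directly from the key."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.md5(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")
    inner_key = bytes(b ^ 0x36 for b in key)  # key XOR ipad
    outer_key = bytes(b ^ 0x5C for b in key)  # key XOR opad
    inner = hashlib.md5(inner_key + message).digest()
    return hashlib.md5(outer_key + inner).hexdigest()


def cram_md5_response(username: str, password: str, challenge: bytes) -> str:
    """Client side: '<user> <hex HMAC-MD5(password, challenge)>' before base64 encoding."""
    return f"{username} {hmac_md5_manual(password.encode(), challenge)}"


def verify_cram_md5(response: str, challenge: bytes, lookup_secret) -> bool:
    """Server side: recompute the HMAC with the secret stored for the user.
    lookup_secret(username) must return the same plaintext the client used;
    a one-way salted hash (crypt/MD5-CRYPT) cannot stand in for it."""
    username, _, digest = response.partition(" ")
    secret = lookup_secret(username)
    if secret is None:
        return False
    expected = hmac_md5_manual(secret.encode(), challenge)
    return hmac.compare_digest(expected, digest)


# Sample exchange using the RFC 2195 example values (challenge as the server sent it).
CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
PLAINTEXT_DB = {"tim": "tanstaaftanstaaf"}
# Constructed placeholder: what a crypt()-style passdb entry for the same user might look like.
CRYPT_DB = {"tim": "$1$constructed-salt$not-reversible-placeholder"}


def demo_plaintext_ok() -> bool:
    resp = cram_md5_response("tim", PLAINTEXT_DB["tim"], CHALLENGE)
    return verify_cram_md5(resp, CHALLENGE, PLAINTEXT_DB.get)


def demo_crypt_fails() -> bool:
    """The stored crypt hash is not the HMAC key the client used, so verification fails."""
    resp = cram_md5_response("tim", PLAINTEXT_DB["tim"], CHALLENGE)
    return verify_cram_md5(resp, CHALLENGE, CRYPT_DB.get)
```

Running the two demo functions shows verification succeeding against the plaintext store and failing against the crypt-style store for the same client response.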