[Dovecot] Getting more out of the %w variable.
Hello Dovecot community,
I have a backend database application that handles all system-wide user authentication (from web to mail and more).
Passwords are not stored in plain text.
So I would like to support more than PLAIN. Perhaps at least CRAM-MD5 or DIGEST-MD5 for example.
Even though connections over TLS are encouraged (and even enforced), some MUAs and users still think it's a better idea than PLAIN (even sent over an encrypted session). I have a vague memory of getting some warnings with Thunderbird in regard to the use of PLAIN.
Of course the %w variable would have to include the challenge as well as the response. Or perhaps even a separate variable for the challenge? Of course at the moment the %w variable is an empty string for anything other than PLAIN. This would make some users and MUAs happy (even though pointless over TLS - I agree).
Your thoughts would be appreciated.
Regards, Julian.
-- Not time for sigs!
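An added example, not part of the original thread and not Dovecot code: a CRAM-MD5 (RFC 2195) check as a backend would have to perform it if it were handed both the challenge and the response. The function names, the sample user and the stores are constructed for illustration; the point shown is that the HMAC key is the password itself, so a store holding only salted hashes cannot verify the response.

```python
import base64, hashlib, hmac, os, time

def make_challenge(host="mail.example.test"):
    # RFC 2195 style challenge: <random.timestamp@host> (host is a placeholder)
    return f"<{int.from_bytes(os.urandom(4), 'big')}.{int(time.time())}@{host}>"

def client_response(user, password, challenge):
    # What the MUA sends: base64("user" SP hex(HMAC-MD5(key=password, msg=challenge)))
    digest = hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def backend_verify(secret_lookup, challenge, response_b64):
    # Hypothetical backend check: needs the challenge, the response, and the
    # user's shared secret in a form usable as the HMAC key.
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return False
    user, _, digest = decoded.rpartition(" ")
    secret = secret_lookup(user)
    if secret is None:
        return False
    expected = hmac.new(secret, challenge.encode(), hashlib.md5).hexdigest()
    # Constant-time comparison of the two hex digests
    return hmac.compare_digest(expected.encode(), digest.encode())

# Constructed sample stores: one keeps the password, one keeps only a salted hash.
PLAINTEXT_DB = {"julian": b"correct horse"}
HASHED_DB = {"julian": hashlib.sha256(b"constructed-salt" + b"correct horse").digest()}

def demo():
    challenge = make_challenge()
    response = client_response("julian", "correct horse", challenge)
    return (
        backend_verify(PLAINTEXT_DB.get, challenge, response),         # password available
        backend_verify(HASHED_DB.get, challenge, response),            # only a salted hash
        backend_verify(PLAINTEXT_DB.get, make_challenge(), response),  # replay, new challenge
    )

if __name__ == "__main__":
    print(demo())
```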
Quoting Julian PG dev+dovecot@psyrium.com.au:
> So I would like to support more than PLAIN. Perhaps at least
> CRAM-MD5 or DIGEST-MD5 for example.
DIGEST-MD5 is obsolete. See RFC 6331.
michael
participants (2)
- Julian PG
- Michael M Slusarz