[Dovecot] 1.0rc7 - dumb question

John Peacock jpeacock at rowman.com
Fri Sep 15 00:04:51 EEST 2006


Odhiambo WASHINGTON wrote:
> I have a setup where I have both the cleartext password and 
> encrypted (md5 hash) password in a mysql database.
> In this situation it would be possible to use digest-md5, yes?

Yeah, except that DIGEST-MD5 is much less well supported than CRAM-MD5, 
so I would have both enabled, or just CRAM-MD5.

> But this would mean that any user not using secure authentication will fail
> to authenticate or is it possible to configure dovecot to start with
> a secure auth mechanism, but fall back to some non-secure mechanism
> in case the default one fails (although it's stupid to do this)?

Most clients [that I'm aware of] will try to use a stronger 
authentication method before trying to use a weaker one.  If you want to 
support CRAM-MD5 and PLAIN, you will have to decide whether you want to 
force users to connect to IMAPS (to protect the plaintext password). 
Then you can permit both methods, and the client will choose one from 
the list that the server advertises (as I said, most will choose 
CRAM-MD5 then PLAIN).

Personally, I only support CRAM-MD5, but I do support IMAP and IMAPS (I 
also support CRAM-MD5 for outbound mail on SMTP/TLS/SMTPS)...

John

-- 
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD  20706
301-459-3366 x.5010
fax 301-429-5748
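
Added example (not part of the original message and not Dovecot code): a Python sketch of the behaviour described above, where a client picks from the advertised AUTH= list, allows PLAIN only inside TLS, and the server verifies a CRAM-MD5 response from the stored cleartext password. The function names and preference order are assumptions for illustration; the sample challenge and credentials are the published example from RFC 2195.

```python
import base64
import hmac

# Client preference, strongest first (assumed policy for this example).
PREFERENCE = ["CRAM-MD5", "PLAIN"]

# Sample challenge from the RFC 2195 example (user "tim").
CHALLENGE = "PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"


def choose_mechanism(capability_line, tls_active):
    """Pick a SASL mechanism from an IMAP CAPABILITY response line."""
    offered = {tok[5:].upper() for tok in capability_line.split()
               if tok.upper().startswith("AUTH=")}
    for mech in PREFERENCE:
        if mech not in offered:
            continue
        # PLAIN sends the password itself, so only accept it inside TLS.
        if mech == "PLAIN" and not tls_active:
            continue
        return mech
    return None  # nothing acceptable: fail rather than downgrade


def cram_md5_response(user, password, challenge_b64):
    """Client side: HMAC-MD5 of the decoded challenge, keyed by the password."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, "md5").hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def verify_cram_md5(lookup_password, challenge_b64, response_b64):
    """Server side: recompute the digest; needs the cleartext password
    (a plain MD5 hash of the password cannot be used as the HMAC key)."""
    try:
        user, digest = base64.b64decode(response_b64).decode().rsplit(" ", 1)
    except ValueError:  # bad base64, bad UTF-8, or no "user digest" pair
        return None
    password = lookup_password(user)
    if password is None:
        return None
    expected = hmac.new(password.encode(), base64.b64decode(challenge_b64),
                        "md5").hexdigest()
    ok = hmac.compare_digest(expected.encode(), digest.lower().encode())
    return user if ok else None
```
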

