[Dovecot] APOP and CRAM-MD5 in checkpassword module

Ben Schumacher me at benschumacher.com
Mon Jun 25 23:01:23 EEST 2007


On 3/29/07, Max A. <sub at comtel-60.ru> wrote:
> > Still a bit more fixes. My coding TODO list is again empty.
> Whether it is possible to add APOP and CRAM-MD5 in the
> checkpassword-module? Original qmail-popup is able APOP, and smtp-auth
> patch (http://www.fehcom.de/qmail/smtpauth.html) can use CRAM-MD5,
> accordingly, vckpw from vpopmail understands both these of a method.
> Very much would be desirable, that these two methods were in dovecot (in
> chackpassword-module).

I would like to see this, too. After digging through the code some, it
seems that the major sticking point is that dovecot would prefer to do
the CRAM-MD5 internally and therefore expects to have access to the
password in plaintext and doesn't pass the timestamp on to
checkpassword...

Any chance this behavior could be altered/updated in the future? It's
made migration from existing mail system difficult as I don't want to
give up the security of CRAM-MD5 even for the benefits of dovecot, and
reworking authentication scheme is a no-go at this point.

Any help?

Thanks,
Ben


More information about the dovecot mailing list