[Dovecot] APOP and CRAM-MD5 in checkpassword module

John Peacock jpeacock at rowman.com
Mon Jun 25 23:16:02 EEST 2007


Ben Schumacher wrote:
> I would like to see this, too. After digging through the code some, it
> seems that the major sticking point is that dovecot would prefer to do
> the CRAM-MD5 internally and therefore expects to have access to the
> password in plaintext and doesn't pass the timestamp on to
> checkpassword...

There is no way to use CRAM-MD5 without having the password stored in 
plaintext locally; it is a design "feature" since the hash is calculated 
using a different server key every time.

HTH

John

-- 
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD  20706
301-459-3366 x.5010
fax 301-429-5748


More information about the dovecot mailing list