[Dovecot] APOP and CRAM-MD5 in checkpassword module

Timo Sirainen tss at iki.fi
Wed Jun 27 17:46:37 EEST 2007


On Wed, 2007-06-27 at 07:50 -0600, Ben Schumacher wrote:
> This somewhat
> conflicts with dovecot's authentication system, which expects to have
> all the necessary authentication information internally and is not
> designed (not willing?) to trust a checkpassword-style authentication
> mechanism to perform CRAM-MD5 authentication and therefore only offers
> PLAIN as an option to clients.

Internally Dovecot supports two methods:

1. verify plaintext password
2. lookup password in requested format

Checkpassword API doesn't fit into either of these. I could kludge a
Dovecot-specific support for 2, but supporting an external "verify
non-plaintext password" API would require changing the internal APIs in
some way.

Also I don't think there's a standard way to tell the checkpassword
script which auth method is being used? Are they all just hardcoded to
one specific method or do other servers pass the method in environment
or timestamp or something?
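
The distinction between the two internal methods above, as an added example that is not part of the original message and not Dovecot's code: a CRAM-MD5 server has to recompute the HMAC itself, so it needs a backend that can look up the credential, while a verify-only backend can only support PLAIN. The class and function names are hypothetical, the user, password and challenge are constructed, and a stored plaintext password stands in for the "requested format".

```python
import hashlib
import hmac

# Constructed sample data: user, password and challenge are made up.
# Assumption: a plaintext password stands in for the stored credential.
USERS = {"ben": "s3cret"}
CHALLENGE = b"<1896.697170952@mail.example.org>"

class LookupPassdb:
    """Backend supporting both methods: verify plaintext, and look up the credential."""
    def verify_plain(self, user, password):
        stored = USERS.get(user)
        return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

    def lookup(self, user):
        return USERS.get(user)

class VerifyOnlyPassdb(LookupPassdb):
    """Checkpassword-style backend: answers yes/no, never hands back the secret."""
    def lookup(self, user):
        raise NotImplementedError("backend can only verify a plaintext password")

def cram_md5_response(user, password, challenge):
    """Client side (RFC 2195): user, space, hex HMAC-MD5 keyed with the password."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{user} {digest}".encode()

def server_check_cram_md5(passdb, challenge, response):
    """Server side: recomputes the HMAC, so it needs lookup(), not verify_plain()."""
    user, _, digest = response.decode().rpartition(" ")
    secret = passdb.lookup(user)
    if secret is None:
        return False
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())

def offered_mechanisms(passdb):
    """PLAIN always works; CRAM-MD5 only if the backend can return the credential."""
    try:
        passdb.lookup("")
    except NotImplementedError:
        return ["PLAIN"]
    return ["PLAIN", "CRAM-MD5"]
```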
