[Dovecot] Getting more out of the %w variable.

[Julian PG]

Hello Dovecot community,

I have a backend database application that handles all system wide user 
authentication (from web to mail and more).

Passwords are not stored in plain text.

So I would like to support more than PLAIN. Perhaps at least CRAM-MD5 or 
DIGEST-MD5 for example.

Even though connections over TLS are encouraged (and even enforced). 
Some MUA and users still think its a better idea than PLAIN (even sent 
over an encrypted session). I have a vague memory of getting some 
warnings with thunderbird in regards to the use of PLAIN.

Of course the %w variable would have to include the challenge as well as 
the response. Or perhaps even a seperate variable for the challenge? Or 
course at the moment the %w variable is an empty string for anything 
other than PLAIN. This would make some users and MUAs happy (even though 
pointless over TLS - I agree).

Your thoughts would be appreciated.

Regards,
Julian.

-- 
Not time for sigs!