[Dovecot] multiple passwords in different schemes
Timo Sirainen
tss at iki.fi
Tue Jan 20 22:45:54 EET 2009
On Tue, 2009-01-20 at 21:42 +0100, Maciej Uhlig wrote:
> Timo Sirainen:
> > If the password is the same in both cases, you can simply use a single
> > CRAM-MD5 scheme. Dovecot can do plaintext authentication against all
> > schemes just fine.
> >
> Actually I happen not to understand the above :-( I thought PLAIN is a
> plaintext schema while CRAM-MD5 is non-plaintext schema and it's
> impossible to have the same password in mixed schemas stored in one
> database used for different authentication mechanisms (i.e. PLAIN and
> CRAM-MD5). Moreover there is no fallback using mechanism other than
> PLAIN. What am I missing here?
Yes, it's not possible to store two different schemas. But the point is
that plaintext authentication (PLAIN or LOGIN auth mechanism) can verify
the password against ANY schema.
> Yes, the password is the same in both cases, but it is stored twice: as
> a MD5 hash and as a CRAM-MD5 hash.
Just don't store the MD5 hash, it's unnecessary.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20090120/bd238b85/attachment.bin
More information about the dovecot
mailing list