[Vmail-discuss] smtp auth
Eric Renfro
psi-jack@xxxxxxxxxxxxx
Mon, 12 Nov 2001 23:42:49 -0600
|The reason for this is so that we can support multiple hashing
|formats, beyond just MD5 and DES. In particular, APOP
|requires a plaintext copy of the password.
|
|With hindsight, it might have been more sensible to put the
|hash method into a separate column.
Oh yes. That would definitely be a better plan, so that you could
actually make use of those hashes in other things, for example
Courier-IMAP's authdaemon.mysql, which can either use plaintext
or automagically test against several crypt() methods,
including DES and Crypt-MD5.
|I'd prefer to have plaintext passwords in a database that I
|can secure, rather than passwords being sent in the clear over
|a network that I can't, hence support for plaintext passwords
|so that we can do APOP, and CRAM-MD5 SMTP AUTH.
|
|Paul
I don't quite understand this concept, myself. What's different about
APOP and CRAM-MD5 SMTP AUTH? I'm unfamiliar with this. I use SSL
tunneled encryption when security is an issue, still testing a
plaintext password from the client against a hashed password from the
server.
- ---
Eric Renfro - Myrddin Computers & Designs
CEO/President
713-595-2104 X2261
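Added example, not part of the original message or of vmail's code: a sketch of why APOP (RFC 1939) and CRAM-MD5 (RFC 2195) need the server to hold the password itself, while a plaintext login over an SSL tunnel can be checked against a one-way hash. The `Server` class and `one_way_hash` (PBKDF2 standing in for a crypt()-style hash) are assumptions made for illustration.

```python
import hashlib
import hmac

def cram_md5_digest(password: str, challenge: str) -> str:
    """RFC 2195: hex HMAC-MD5, keyed with the shared secret, over the server challenge."""
    return hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()

def apop_digest(password: str, timestamp: str) -> str:
    """RFC 1939: hex MD5 of the greeting timestamp followed by the shared secret."""
    return hashlib.md5((timestamp + password).encode()).hexdigest()

def one_way_hash(password: str, salt: bytes) -> bytes:
    # Stand-in for a crypt()-style stored hash (assumption, not vmail's scheme).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

class Server:
    """Hypothetical account store holding either the plaintext or a one-way hash."""

    def __init__(self, plaintext=None, salt=b"", stored_hash=None):
        self.plaintext, self.salt, self.stored_hash = plaintext, salt, stored_hash

    def check_plain(self, offered: str) -> bool:
        # Client sends the password itself (e.g. inside an SSL tunnel);
        # the server can re-hash it, so a one-way hash is sufficient.
        if self.plaintext is not None:
            return hmac.compare_digest(offered.encode(), self.plaintext.encode())
        return hmac.compare_digest(one_way_hash(offered, self.salt), self.stored_hash)

    def check_cram_md5(self, challenge: str, client_digest: str) -> bool:
        # Client sends only a digest; the server must recompute it from the
        # same secret, which a one-way hash of the password cannot provide.
        if self.plaintext is None:
            raise LookupError("only a one-way hash is stored; cannot compute HMAC-MD5")
        expected = cram_md5_digest(self.plaintext, challenge)
        return hmac.compare_digest(expected, client_digest)

if __name__ == "__main__":
    # Challenge and password are the sample values from RFC 2195.
    challenge = "<1896.697170952@postoffice.reston.mci.net>"
    secret = "tanstaaftanstaaf"
    response = cram_md5_digest(secret, challenge)
    print("client sends: tim", response)
    print("plaintext store verifies:", Server(plaintext=secret).check_cram_md5(challenge, response))
    salt = b"constructed-salt"
    hashed = Server(salt=salt, stored_hash=one_way_hash(secret, salt))
    print("hashed store, plain login:", hashed.check_plain(secret))
    try:
        hashed.check_cram_md5(challenge, response)
    except LookupError as err:
        print("hashed store, CRAM-MD5:", err)
```

In both challenge-response schemes the password never crosses the wire, which is the trade-off Paul describes: the exposure moves from the network to the credential database.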