[Vmail-discuss] smtp auth

Eric Renfro psi-jack@xxxxxxxxxxxxx
Mon, 12 Nov 2001 23:42:49 -0600


 
|The reason for this is so that we can support multiple hashing 
|formats, beyond just MD5 and DES.  In particular, APOP 
|requires a plaintext copy of the password.
|
|With hindsight, it might have been more sensible to put the 
|hash method into a separate column.

Oh yes. That would definitely be a better plan, so that you could
actually make use of those hashes in other things, such as an
example: Courier-IMAP's authdaemon.mysql, which can either use
plaintext, or automagically test against several crypt() methods,
including DES and Crypt-MD5.

|I'd prefer to have plaintext passwords in a database that I 
|can secure, rather than passwords being sent in the clear over 
|a network that I can't, hence support for plaintext passwords 
|so that we can do APOP, and CRAM-MD5 SMTP AUTH.
|
|Paul

I don't quite understand this concept, myself. What's different about
APOP, and CRAM-MD5 SMTP AUTH? I'm unfamiliar with this. I use SSL
tunneled encryption, when security is an issue, still testing a
plaintext password from the client, to a hashed password from the
server.

- ---
Eric Renfro - Myrddin Computers & Designs
CEO/President
713-595-2104 X2261

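Added example, not part of the original message or of Vmail's code: a sketch of the two login styles discussed in this thread. CRAM-MD5 (RFC 2195) and APOP (RFC 1939) never send the password, but the server has to recompute the digest from the password itself, while a plaintext login carried inside an SSL tunnel can be checked against a one-way hash. The function names, the salt, and the salted SHA-256 stand-in for a crypt()-style hash are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac

def cram_md5_response(user, password, challenge):
    """Client side of CRAM-MD5 (RFC 2195): HMAC-MD5 keyed with the password."""
    digest = hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def apop_digest(password, timestamp):
    """Client side of APOP (RFC 1939): MD5 over greeting timestamp + password."""
    return hashlib.md5((timestamp + password).encode()).hexdigest()

def server_check_cram(stored_secret, challenge, response_b64):
    """Server recomputes the HMAC, so stored_secret must be the password
    itself (or a password-equivalent secret), not a one-way hash of it."""
    _user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    expected = hmac.new(stored_secret.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

def one_way_hash(password, salt):
    """Stand-in for a crypt()-style stored hash (salted SHA-256, an assumption)."""
    return hashlib.sha256((salt + password).encode()).hexdigest()

def server_check_plain(stored_hash, salt, password_from_client):
    """Plaintext login (e.g. inside an SSL tunnel): hash what arrived, compare."""
    return hmac.compare_digest(stored_hash, one_way_hash(password_from_client, salt))

def demo():
    # User, secret and challenge are the example values printed in RFC 2195;
    # the salt is a constructed sample value.
    password, salt = "tanstaaftanstaaf", "x9"
    challenge = "<1896.697170952@postoffice.reston.mci.net>"
    resp = cram_md5_response("tim", password, challenge)
    stored_hash = one_way_hash(password, salt)
    return {
        # Plaintext in the database: challenge-response verifies.
        "cram_with_plaintext_store": server_check_cram(password, challenge, resp),
        # Only a hash in the database: the server cannot rebuild the HMAC.
        "cram_with_hashed_store": server_check_cram(stored_hash, challenge, resp),
        # Only a hash in the database: a plaintext login still verifies.
        "plain_with_hashed_store": server_check_plain(stored_hash, salt, password),
    }

if __name__ == "__main__":
    print(demo())
```
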