[Vmail-discuss] smtp auth
Chris Lightfoot
chris@xxxxxxxxxxxxx
Tue, 13 Nov 2001 10:39:10 +0000
On Tue, Nov 13, 2001 at 09:28:24AM +0000, Paul Warren wrote:
> On Mon, Nov 12, 2001 at 11:42:49PM -0600, Eric Renfro wrote:
> > |The reason for this is so that we can support multiple hashing
> > |formats, beyond just MD5 and DES. In particular, APOP
> > |requires a plaintext copy of the password.
> > |
> > |With hindsight, it might have been more sensible to put the
> > |hash method into a separate column.
> >
> > Oh yes. That would definitely be a better plan, so that you could
> > actually make use of those hashes in other things, such as an
> > example: Courier-IMAP's authdaemon.mysql, which can either use
> > plaintext, or automagically test against several crypt() methods,
> > including DES and Crypt-MD5.
>
> OK. I'll consider it for the next release.
Yeah. This may entail a nasty hack in tpop3d (counting the
number of fields returned or similar to see what sort of
schema it is, or, worse, much use of concat(...)) but it's
going to acquire another nasty hack owing to a bug in the
maildir code, so I suppose two is not much worse than
one....
--
``Knock hard. Life is deaf.''
(Arnold Wesker)