Hi.

On Friday, 15 February 2008, Gordon Messmer wrote:
> Having the plain text password allows you to use the CRAM-*
> authentication methods, which may offer additional security.  In any
> case, it allows for more flexible authentication options, and I wouldn't
> be too quick to give that up.

Let me hook in here. CRAM would be able to offer with an intermediate hash 
value computed when the user sets his password. I don't know the background 
here, but when reading about SASL v1.5, they talk about such things.

Would this behaviour be possible to achieve with courier? Is it planned?


> > a) What function does the authmysql module use to encrypt the password
> > that the client provides?
> I don't think that it does.  As far as I know, you need to use the
> system's crypt() function.

I don't know which types of hashing are supported, but I use salted-MD5 as 
unix shadow-passwords use.
They can be created by several programming languages but not by MySQL itself.


> > b) Is it just a matter of using something like phpmyadmin to dump the
> > clear passwords in to the encrypted password fields via the function in
> > answer a)?
> No.

But it can be done by a script (python, perl, PHP, ...) that iterates over all 
accounts and transforms passwords.

cu, Bernd

-- 
The principles of civil service law can only be abolished in Germany
by a bloody revolution.
  -  Jürgen Rüttgers (German politician)

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
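
The kind of conversion script described in the message above, as an added example that is not part of the original thread and not Courier's own code: it computes salted-MD5 (`$1$`) crypt strings in Python and moves each account from the cleartext field to the hashed one. The `passwd` table, its `id`/`clear`/`crypt` columns and the sample accounts are assumptions constructed for the example, and SQLite stands in for MySQL so it runs offline.

```python
import hashlib
import secrets
import sqlite3

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def md5_crypt(password: str, salt: str) -> str:
    """Salted MD5 ("$1$") crypt string, the format used in Unix shadow files."""
    pw, sl = password.encode(), salt[:8].encode()
    alt = hashlib.md5(pw + sl + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + sl)
    for n in range(len(pw), 0, -16):           # len(pw) bytes of the alt digest
        ctx.update(alt[:min(n, 16)])
    i = len(pw)
    while i:                                   # one byte per bit of the length
        ctx.update(b"\x00" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for r in range(1000):                      # fixed 1000-round stretching loop
        h = hashlib.md5(pw if r & 1 else final)
        h.update((sl if r % 3 else b"") + (pw if r % 7 else b""))
        h.update(final if r & 1 else pw)
        final = h.digest()
    idx = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    groups = [(final[a] << 16 | final[b] << 8 | final[c], 4) for a, b, c in idx]
    out = ""
    for v, n in groups + [(final[11], 2)]:     # crypt's own base64 alphabet
        for _ in range(n):
            out, v = out + ITOA64[v & 0x3F], v >> 6
    return f"$1${salt[:8]}${out}"

def migrate(conn: sqlite3.Connection) -> int:
    """Hash every cleartext password, then blank the cleartext column."""
    rows = conn.execute("SELECT id, clear FROM passwd "
                        "WHERE clear IS NOT NULL AND clear <> ''").fetchall()
    for uid, clear in rows:
        salt = "".join(secrets.choice(ITOA64) for _ in range(8))  # per-account salt
        conn.execute("UPDATE passwd SET crypt = ?, clear = NULL WHERE id = ?",
                     (md5_crypt(clear, salt), uid))
    conn.commit()
    return len(rows)

def demo_db() -> sqlite3.Connection:
    """Constructed sample accounts; table and column names are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE passwd (id TEXT PRIMARY KEY, clear TEXT, crypt TEXT)")
    conn.executemany("INSERT INTO passwd VALUES (?, ?, NULL)",
                     [("alice@example.com", "password"), ("bob@example.com", "hunter2")])
    return conn
```

Once the cleartext column is blanked, the CRAM-* methods mentioned in the quoted reply are no longer available for those accounts, so that trade-off is decided at migration time.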