At 20:06 2000-05-03, Russell Nelson wrote:
>Is anyone using Krzysztof Dabrowski's cmd5checkpw with qmail-pop3d?
>Yes, I know that he didn't write it for that, he wrote it for
>smtp-auth. But it looks to me like he's reversed the password and the
>timestamp parameters to checkpassword.
;)
Isn't it easier to ask me directly? :)
Here comes an excerpt from checkpassword's man:
" The information supplied on descriptor 3 is a login name
terminated by \0, a password terminated by \0, a timestamp
terminated by \0, and possibly more data. There are no
other restrictions on the form of the login name, pass-
word, and timestamp.
"
so the order is : LOGIN, PASSWORD, TIMESTAMP
my cmd5checkpassword accepts:
login name terminated by \e0,
a cram-md5 challenge terminated by \e0,
and a cram-md5 response terminated by
This can be questionable what is actualy a login and a password here....
because:
cmd5 auth scheme differs a bit when comparing with normal authentication.
You can judge it yourself and it IS possible to reverse the parameters
orded if you like. I will have to update the qmail-smtp-auth patch too..
Kris