Hello,
I am exploring the posibility of migrating an exsisting setup to
postfix+dovecot.
The issue being that many clients are currently configured for cram-md5
authentication.
I am fully aware that this is a really, really, really bad idea, but re
configuring all clients at once is not feasible with limited end user support
resources.
I have a setup running with LUA for the passdb, and everything works with PLAIN
login.
To keep compatibility with the PLAIN login mechanism i have tried to store
{PLAIN} passwords in the DB, since proper secure password storage
is incompatible with CRAM-MD5.
My issue is that the LUA function auth_password_verify(req, pass) not even
seems to be called for cram-md5 logins.
Reading through the documentation also seems to indicate that the callenge is
not passed to the LUA function making it impossible to compute the hash
in LUA or the function req.password_verify(req, row.password, pass).
Is my assumption correct that cram-md5 can not work with a LUA script ?
Kind regards,
Peter K.
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
