One of the reason I use qmail pop3 is that it will do learn password and
use Devocot for imap.
Just my .2 euro
Remo
Tom Collins wrote:
On Apr 14, 2008, at 3:46 PM, D. Hilbig wrote:
If I do a plaintext login which will check against the hashed password
stored in the SQL table, I can login with any password. However, a
CRAM-MD5
login (which checks against the clear password) with any password will
fail.
If both the hashed password and clear password in the SQL table are NULL
(empty), I'd expect the behavior to be the same regardless of CRAM-MD5 or
plaintext.
IIRC, this was intentional. It's impossible to learn a password via
CRAM-MD5, so we fail until we can learn a password through some other
method.
Password learning happens in vchkpw, but I guess it should move into
vpopmail so any app calling the API can have a password "learned".
And to those who recommend Dovecot, it probably doesn't do learning
either, for the same reasons.
I just checked courier 3.0.8, and it looks like it should update the
password... I checked dovecot 1.0.10, and found this, "Thanks to
Courier-IMAP for showing how the vpopmail API should be used". It
doesn't appear to have code that updates the password.
Unfortunately, there's no way to update libvpopmail to have it learn the
password. We'll have to update the individual apps (courier and
dovecot) and get the maintainers to accept the changes into the next
release.
-Tom
!DSPAM:4804b432120505599750701!
