Further to our previous discussion on the possibility of storing hashed passwords in the imap authentication database. I draw your attention to: http://www.ietf.org/rfc/rfc2195.txt, which abstract clearly states; "This specification provides a simple challenge-response authentication protocol that is suitable for use with IMAP4. Since it utilizes Keyed-MD5 digests and does not require that the secret be stored in the clear on the server". While I don't fully understand the cryptography details of the proposal it is clear that the requirement to avoid storing clear text passwords while retaining the security advantages of challenge-response is possible. Is there the possibility to implement this? Charles Bradshaw On Tue, 2013-03-26 at 08:00 -0400, Adam Tauno Williams wrote: > On Tue, 2013-03-26 at 10:17 +0000, Charles Bradshaw wrote: > > Thanks Guys > > I think it's finally sunk in. DIGEST-MD5 and CRAM-MD5 are mutually > > exclusive with hashed passwords. > > D'oh! I think I even posted that fact in answer to a previous thread. > > No problem, it happens to us all. Yesterday I posted two messages to > lists relating to issues that as soon as I posted them I found the > answers right there in the documentation. Right there! I swear I had > already looked twice. > > ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
