Re: [Exim] SMTP AUTH + cram_md5

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Tamas TEVESZ
Datum:  
To: Dmitry Rojkov
CC: exim-users
Betreff: Re: [Exim] SMTP AUTH + cram_md5
On Wed, 30 Jan 2002, Dmitry Rojkov wrote:

> Is it possible to use the cram-md5 authenticator and in the same time to
> keep user's password not in PLAINTEXT but MD5-digest?


no. or, well, yes, but then the user's password has to be scrambled
(as opposed to being encrypted). and you have to add this scrambling
knowledge to the cram-md5 driver too.

basically, "no".

> The line "The server then computes the CRAM-MD5 digest that the client should
> have sent, and checks that it received the correct string" confuses me.
> I don't want to compute, but compare MD5-digest.


you can't. the digest includes the challenge, which is different all
the time. if it wasn't, there wouldn't be any reason for cram at all.


--
[-]