Re: [Exim] CRAM-MD5 fudging

Top Page
Delete this message
Reply to this message
Author: Tamas TEVESZ
Date:  
To: Nico Erfurth
CC: exim-users
Subject: Re: [Exim] CRAM-MD5 fudging
On Wed, 12 Mar 2003, Nico Erfurth wrote:

> Hmmm, well let me think, maybe it doesn't matter, whatever you have the
> same Challange or not, in your situation?


it certainly did. it was proper cram-md5, only the actual checking
was put back to postgres (ie. a pg stored procedure received the
challenge made by exim and the encrypted hash supplied by the client,
then it looked up the cleartext pw from a database, re-hashed it with
the supplied challenge, and compared the two hashes).

--
[-]
... and the rest is silence.