On Wed, 12 Mar 2003, Nico Erfurth wrote:
> Hmmm, well let me think, maybe it doesn't matter, whatever you have the
> same Challange or not, in your situation?
it certainly did. it was proper cram-md5, only the actual checking
was put back to postgres (ie. a pg stored procedure received the
challenge made by exim and the encrypted hash supplied by the client,
then it looked up the cleartext pw from a database, re-hashed it with
the supplied challenge, and compared the two hashes).
