Re: [Exim] CRAM-MD5 fudging

Top Page
Delete this message
Reply to this message
Author: Nico Erfurth
Date:  
To: Tamas TEVESZ
CC: exim-users
Subject: Re: [Exim] CRAM-MD5 fudging
Tamas TEVESZ wrote:
> On Wed, 12 Mar 2003, Nico Erfurth wrote:
>
> > Hmmm, well let me think, maybe it doesn't matter, whatever you have the
> > same Challange or not, in your situation?
>
> it certainly did. it was proper cram-md5, only the actual checking
> was put back to postgres (ie. a pg stored procedure received the
> challenge made by exim and the encrypted hash supplied by the client,
> then it looked up the cleartext pw from a database, re-hashed it with
> the supplied challenge, and compared the two hashes).


Well, maybe I'm wrong with the expansion vs. Macro-stuff, but I'm pretty
sure that the macro isn't expanded. The macro-substitution takes place
when exim reads the configfile and blindly expanding it here would cause
REAL trouble.

Nico