Author: Tim Jackson Date: To: Exim Mailing List Subject: Re: [Exim] SMTP auth, MySQL & passwords stored in clear
Hi Konrad, on Wed, 07 Jan 2004 16:20:35 +0000 you wrote:
> This seems to work fine, except for one thing: the passwords in the
> database have to be stored in plain text ... > The other thing that has got me flummoxed is getting the same
> authenticator working for cram_md5
If you are going to be using CRAM-MD5 at all, you are going to have to
keep the passwords in plaintext on the server. (This is not a limitation
of Exim; it's to do with the algorithm, which requires the plaintext
password to be available at the server end in order to compute a hash)