Re: [Exim] SMTP auth, MySQL & passwords stored in clear

Top Page
Delete this message
Reply to this message
Author: Tim Jackson
Date:  
To: Exim Mailing List
Subject: Re: [Exim] SMTP auth, MySQL & passwords stored in clear
Hi Konrad, on Wed, 07 Jan 2004 16:20:35 +0000 you wrote:

> This seems to work fine, except for one thing: the passwords in the
> database have to be stored in plain text

...
> The other thing that has got me flummoxed is getting the same
> authenticator working for cram_md5


If you are going to be using CRAM-MD5 at all, you are going to have to
keep the passwords in plaintext on the server. (This is not a limitation
of Exim; it's to do with the algorithm, which requires the plaintext
password to be available at the server end in order to compute a hash)


Tim