Re: [Exim] SMTP auth, MySQL & passwords stored in clear

Author: Konrad Michels
Date:  
To: Tim Jackson
CC: Exim Mailing List
Subject: Re: [Exim] SMTP auth, MySQL & passwords stored in clear
Hi Tim
Thanks for the response! I'm happy to leave the passwords in cleartext
in the db if I can get CRAM-MD5 lookups working, as the machine is
locked down fairly tightly. Now just got to wait for those more gifted
in mysql lookup syntax to see if they've got any tips!

Thanks again
Konrad


On Wed, 2004-01-07 at 16:29, Tim Jackson wrote:
> Hi Konrad, on Wed, 07 Jan 2004 16:20:35 +0000 you wrote:
>
> > This seems to work fine, except for one thing: the passwords in the
> > database have to be stored in plain text
> ...
> > The other thing that has got me flummoxed is getting the same
> > authenticator working for cram_md5
>
> If you are going to be using CRAM-MD5 at all, you are going to have to
> keep the passwords in plaintext on the server. (This is not a limitation
> of Exim; it's to do with the algorithm, which requires the plaintext
> password to be available at the server end in order to compute a hash)
>
>
> Tim

--
***********************************************************
* Konrad Michels
* IT Manager
* Surfkitchen Limited
* +441189298079
***********************************************************

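
Added example, not part of the original thread and not Exim code: a minimal CRAM-MD5 (RFC 2195) exchange showing that the server-side lookup has to return the password itself, because the password is the HMAC-MD5 key. The function names and the two in-memory "databases" are hypothetical; the user, secret and challenge are the sample values from RFC 2195.

```python
import base64
import hashlib
import hmac

# Sample values from RFC 2195; the two dicts are constructed stand-ins for a DB lookup.
CHALLENGE_B64 = base64.b64encode(b"<1896.697170952@postoffice.reston.mci.net>").decode()
PLAINTEXT_DB = {"tim": "tanstaaftanstaaf"}
HASHED_DB = {"tim": hashlib.sha256(b"tanstaaftanstaaf").hexdigest()}  # one-way hash stored


def client_response(user: str, password: str, challenge_b64: str) -> str:
    """What the client sends after '334 <challenge>': base64('user hexdigest')."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def server_verify(lookup, challenge_b64: str, response_b64: str) -> bool:
    """Server side. lookup(user) stands in for the database query and returns
    whatever string is stored for that user, or None if the user is unknown."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
        user, sent_digest = decoded.rsplit(" ", 1)
    except ValueError:  # bad base64, bad UTF-8, or no "user digest" pair
        return False
    stored = lookup(user)
    if stored is None:
        return False
    # The stored value is used directly as the HMAC key, so it must be the
    # same secret the client typed; a one-way hash of it is a different key.
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(stored.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), sent_digest.lower().encode())


def demo():
    resp = client_response("tim", "tanstaaftanstaaf", CHALLENGE_B64)
    return (
        base64.b64decode(resp).decode(),
        server_verify(PLAINTEXT_DB.get, CHALLENGE_B64, resp),  # plaintext stored
        server_verify(HASHED_DB.get, CHALLENGE_B64, resp),     # only a hash stored
    )


if __name__ == "__main__":
    print(demo())
```
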