Re: [Exim] Re: SMTP auth, MySQL & passwords stored in clear

Author: Nigel Metheringham
Date:  
To: Svein E. Seldal
CC: list, exim-users
Subject: Re: [Exim] Re: SMTP auth, MySQL & passwords stored in clear
On Sun, 2004-01-11 at 14:14, Svein E. Seldal wrote:
> I don't get it. I have a server with a sendmail MTA. It is able to use
> CRAM-MD5 without having the password available in cleartext. It
> reads the /etc/shadow (which AFAIK is one-way hashed, right?). How is
> that possible?


It cannot be doing this.
I believe it's possible to hold a pre-processed password at the server
end for doing CRAM-MD5 authentication, but due to the way the algorithm
works that password will be at least plain text equivalent (i.e. you could
use that to perform the authentication with an appropriate set of
transformations).

However, if you are keeping the passwords in shadow then you are not
doing CRAM-MD5 - have you traced the authentication requests?

    Nigel.
--
[ Nigel Metheringham           Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
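
Added example, not part of the original message: a Python sketch of why a pre-processed CRAM-MD5 credential, as mentioned in the reply above, is plaintext-equivalent and needs the same protection as the password itself. The function names are hypothetical; the secret and challenge are the sample values from RFC 2195.

```python
import hashlib
import hmac

BLOCK = 64  # MD5 block size in bytes

# Sample values from RFC 2195 (not real credentials).
SECRET = b"tanstaaftanstaaf"
CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"


def precompute(password: bytes):
    """Build the HMAC-MD5 inner/outer contexts a server could keep
    instead of the cleartext password."""
    key = hashlib.md5(password).digest() if len(password) > BLOCK else password
    key = key.ljust(BLOCK, b"\0")
    inner = hashlib.md5(bytes(b ^ 0x36 for b in key))  # MD5 state after K xor ipad
    outer = hashlib.md5(bytes(b ^ 0x5C for b in key))  # MD5 state after K xor opad
    return inner, outer


def response_from_state(state, challenge: bytes) -> str:
    """Compute the CRAM-MD5 digest from the stored contexts only."""
    inner, outer = (ctx.copy() for ctx in state)  # copy so the state is reusable
    inner.update(challenge)
    outer.update(inner.digest())
    return outer.hexdigest()


def response_from_password(password: bytes, challenge: bytes) -> str:
    """Reference computation: HMAC-MD5 keyed with the cleartext password."""
    return hmac.new(password, challenge, hashlib.md5).hexdigest()


if __name__ == "__main__":
    state = precompute(SECRET)
    # The stored state yields the same digest as the password for any
    # challenge, so it authenticates exactly as the password would.
    print(response_from_state(state, CHALLENGE))
    print(response_from_password(SECRET, CHALLENGE))
```

A one-way crypt hash from /etc/shadow cannot stand in for the key here, because the server has to compute the HMAC over each fresh challenge.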