Re: [Exim] Re: SMTP auth, MySQL & passwords stored in clear

Author: Philip Hazel
Date:  
To: Nigel Metheringham
CC: Svein E. Seldal, list, exim-users
Subject: Re: [Exim] Re: SMTP auth, MySQL & passwords stored in clear
On Mon, 12 Jan 2004, Nigel Metheringham wrote:

> On Sun, 2004-01-11 at 14:14, Svein E. Seldal wrote:
> > I don't get it. I have a server with a sendmail MTA. It is able to use
> > CRAM-MD5 without having the password available in cleartext. It
> > reads the /etc/shadow (which AFAIK is one-way hashed, right?). How is
> > that possible?
>
> It cannot be doing this.


...unless the encrypted password is kept at both ends, in which case the
encrypted string is essentially being used as the "password". I suppose
the client could be generating the encrypted string each time, assuming
it can discover which salt to use.

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book
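
An added illustration of the point made in this message (not part of the original post, and not Exim or sendmail code): a CRAM-MD5 exchange per RFC 2195, showing that the server must hold the same HMAC key as the client, and that when a one-way hash is used as that key at both ends, the stored hash itself is the credential. The challenge and secret are the RFC 2195 sample values; `one_way_hash`, `SALT` and the salted SHA-256 stand-in for an /etc/shadow entry are assumptions made for the example.

```python
import hashlib
import hmac


def cram_md5_response(user: str, key: bytes, challenge: bytes) -> str:
    """Client side of RFC 2195: user, a space, then hex HMAC-MD5(key, challenge)."""
    return f"{user} {hmac.new(key, challenge, hashlib.md5).hexdigest()}"


def server_verify(response: str, stored_key: bytes, challenge: bytes) -> bool:
    """Server side: recompute the HMAC using whatever is stored for the user."""
    _user, _, digest = response.rpartition(" ")
    expected = hmac.new(stored_key, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(digest, expected)


def one_way_hash(password: bytes, salt: bytes) -> bytes:
    # Assumption: salted SHA-256 stands in for a crypt(3)-style shadow entry.
    return hashlib.sha256(salt + password).hexdigest().encode()


# Sample values from the RFC 2195 example; SALT is constructed.
CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
PASSWORD = b"tanstaaftanstaaf"
SALT = b"ab"
STORED_HASH = one_way_hash(PASSWORD, SALT)


def demo() -> dict:
    from_password = cram_md5_response("tim", PASSWORD, CHALLENGE)
    from_hash = cram_md5_response("tim", STORED_HASH, CHALLENGE)
    return {
        # Server keeps the cleartext password: verification works.
        "cleartext_on_server": server_verify(from_password, PASSWORD, CHALLENGE),
        # Server keeps only the one-way hash: it cannot check a response
        # that the client keyed with the real password.
        "hash_only_on_server": server_verify(from_password, STORED_HASH, CHALLENGE),
        # Hash used as the key at both ends: works, but the hash now has to
        # be protected exactly like a cleartext password.
        "hash_as_key_both_ends": server_verify(from_hash, STORED_HASH, CHALLENGE),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {ok}")
```
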