Autor: Phil Jordan Data: A: exim-users Assumpte: [exim] MD5 and Exim
Hi
I've been playing around with a virtual mail user scheme based on using the
user data in my Postnuke-based web site. The password information is MD5
encrypted, with no salt, and is stored as a 32 character hex string in a
MySQL database table. I have tested using this information in an appropriate
Exim authenticator, and my notes record that it worked.
In order to move to a virtual user scheme I need to replace my UW IMAP
installation. I chose Courier IMAP initially as this seemed as if it would
offer the features I require. However I find that Courier demands that any
MD5 encrypted password that it is presented with is also 64-bit encoded. This
leaves us with a 24 byte data item, the last two bytes of which are "==".
Now initially I drew the conclusion that Exim and Courier had different
requirements for MD5 passwords. However, I have a copy of Philip's book on
Exim 4 and I note that the examples of MD5 passwords in the text are 24
characters long, with a trailing "==". Just like Courier wants.
I am no expert in this area. Can someone (Philip?) enlighten me on what's
actually required by Exim (for MD5 passwords) please? 32 characters straight
hex? 24 characters (64-bit encoded)? Can it in fact cope with either?