Author: Thomas Baumann
Date:
To: exim users
Subject: Re: [exim] exim4 calculate cram_md5 for authentication against mysql (smtp_auth)
I can't believe that it will not be possible.
If I read RFC 2195, there is all I need to
catch the challenge which is sent to the client
to calculate the answer. Then I can set up a comparison.
Can sb. help me? How can I get the challenge
in an Exim variable?
Thanks for any reply in advance.
Thomas.
Quoting Phil Pennock <exim-users@???>:
> On 2008-05-12 at 21:46 +0200, Thomas Baumann wrote:
>> I hope sb can help me. I've got problems with smtp_auth and cram_md5.
>>
>> In my MYSQL database the passwords are stored as a md5_hex hash,
>> calculated by
>
> That's the problem. In short: you can't.
>
> CRAM-MD5 fundamentally needs either the plaintext password available to
> the server, or a special intermediate value, an HMAC-MD5 context based
> on the password, which is *not* the same as the md5_hex hash.
>
> You can't use CRAM-MD5 with md5-stored passwords.
>
> Mostly, if the server keeps the password encrypted in a strong form
> that's not special to a particular authentication protocol (eg, storing
> the relevant MD5 context needed for CRAM-MD5) then you need the
> authentication protocol to have the client send the password to the
> server. If you don't want the client to send the password, then the
> server needs access to the password.
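Added example, not part of the thread and not Exim code: a Python sketch of the RFC 2195 computation showing why the server can verify a CRAM-MD5 response from the plaintext password or from a precomputed HMAC-MD5 context, but not from a stored md5_hex hash. The function names are illustrative assumptions; the secret and challenge are the sample exchange from RFC 2195.

```python
import hashlib
import hmac

BLOCK = 64  # MD5 input block size in bytes

def cram_md5_response(secret: bytes, challenge: bytes) -> str:
    """RFC 2195 digest: HMAC-MD5 over the challenge, keyed with the shared secret."""
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()

def precompute_context(secret: bytes):
    """The two keyed MD5 states HMAC derives from the secret (storable instead of it)."""
    key = hashlib.md5(secret).digest() if len(secret) > BLOCK else secret
    key = key.ljust(BLOCK, b"\x00")
    inner = hashlib.md5(bytes(b ^ 0x36 for b in key))
    outer = hashlib.md5(bytes(b ^ 0x5C for b in key))
    return inner, outer

def response_from_context(context, challenge: bytes) -> str:
    """Finish HMAC-MD5 from the precomputed states; the password is not needed."""
    inner, outer = (h.copy() for h in context)
    inner.update(challenge)
    outer.update(inner.digest())
    return outer.hexdigest()

def server_accepts(expected: str, received: str) -> bool:
    """Constant-time comparison of the expected and received hex digests."""
    return hmac.compare_digest(expected, received)

# Sample exchange from RFC 2195 (user "tim").
SECRET = b"tanstaaftanstaaf"
CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
CLIENT_DIGEST = cram_md5_response(SECRET, CHALLENGE)

# What the database in the question holds: md5_hex(password).
STORED_MD5_HEX = hashlib.md5(SECRET).hexdigest().encode()

if __name__ == "__main__":
    ctx = precompute_context(SECRET)
    print("client sends:          ", CLIENT_DIGEST)
    print("server, plaintext:     ", cram_md5_response(SECRET, CHALLENGE))
    print("server, HMAC context:  ", response_from_context(ctx, CHALLENGE))
    # Keying HMAC with the stored hash yields a different digest, so it never matches.
    print("server, md5_hex as key:", cram_md5_response(STORED_MD5_HEX, CHALLENGE))
```

Knowing the challenge does not help a server that only has md5_hex(password): the HMAC key schedule starts from the password bytes themselves, and the plain MD5 digest cannot be turned back into them.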