Matt Pavlovich writes:

______________________________________________________________________

Does your LDAP server have the user's plain text passwords in it?  Can
courier read those fields?  The CRAM-MD5 and CRAM-SHA1 methods need
plain text passwords in the password database.

How does CRAM-SHA1 differ from a standard SHA1 hash?

It is, basically, SHA1(secret' + SHA1(challenge')), where secret' is derived from a known secret key (the password), and challenge' is derived from a randomly-generated string. The server generates a random string and transmits it to the client. The client computes the entire formula, starting with the cleartext password, and returns the final hash to the server. The server computes the same formula, and accepts the client if the client supplies the same hash as computed by the server. The server performs an identical calculation; therefore the server must also know the cleartext password.
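
The exchange described in the reply above, as an added example (not part of the original message and not Courier's code). It assumes CRAM-SHA1 is HMAC-SHA1 carried in the CRAM-MD5 wire format of RFC 2195; the host name, user name and password are constructed.

```python
import base64, hashlib, hmac, os, time

BLOCK = 64  # SHA-1 block size in bytes

def hmac_sha1_manual(key: bytes, msg: bytes) -> str:
    """HMAC-SHA1 spelled out as SHA1(secret' + SHA1(challenge'))."""
    if len(key) > BLOCK:
        key = hashlib.sha1(key).digest()
    key = key.ljust(BLOCK, b"\0")
    opad = bytes(b ^ 0x5C for b in key)        # secret' (derived from the password)
    ipad = bytes(b ^ 0x36 for b in key)
    inner = hashlib.sha1(ipad + msg).digest()  # SHA1(challenge')
    return hashlib.sha1(opad + inner).hexdigest()

def make_challenge(host: str = "mail.example.test") -> bytes:
    """Server side: fresh random string, sent to the client in the clear."""
    return f"<{os.urandom(8).hex()}.{int(time.time())}@{host}>".encode()

def client_response(user: str, password: str, challenge: bytes) -> bytes:
    """Client side: compute the keyed hash starting from the cleartext password."""
    digest = hmac.new(password.encode(), challenge, hashlib.sha1).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())

def server_verify(passwords: dict, challenge: bytes, response: bytes) -> bool:
    """Server side: repeat the same calculation from its stored password."""
    try:
        user, digest = base64.b64decode(response).decode().rsplit(" ", 1)
    except (ValueError, UnicodeDecodeError):
        return False  # malformed base64, bad encoding, or no "user digest" pair
    stored = passwords.get(user)
    if stored is None:
        return False
    expected = hmac.new(stored.encode(), challenge, hashlib.sha1).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())

if __name__ == "__main__":
    cleartext_db = {"alice": "s3cret"}                        # constructed account
    hashed_db = {"alice": hashlib.sha1(b"s3cret").hexdigest()}
    ch = make_challenge()
    resp = client_response("alice", "s3cret", ch)
    print("cleartext store accepts:", server_verify(cleartext_db, ch, resp))
    print("SHA1-hashed store accepts:", server_verify(hashed_db, ch, resp))
    print("replayed on new challenge:", server_verify(cleartext_db, make_challenge(), resp))
```

A password database that holds only SHA1(password) fails the second check because the server cannot reproduce the keyed hash from it, which is the situation the first question in the thread is probing for.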




_______________________________________________
courier-users mailing list