Mihamina Rakotomandimby writes:

Manao ahoana, Hello, Bonjour,

I have a users database with clear plain passwords.
Courier authenticates users without problems against it.

Now, it's time to move to CRYPT scheme.

Before that, I would like to know how things happen.

We have:
- the user, (entering his password in the MUA)
- the user's MUA (Thunderbird, Outlook, Squirrelmail,...)
- the POP or IMAP server
- the users database (mySQL) with username and crypt()'d password

How I think the process is:
- the user enters his password in a clear way.
- the MUA sends the password as the user entered it to the POP or IMAP
  server
- the POP or IMAP server fetches the password from the database
- the POP or IMAP server crypt()'s the user entered password
- the POP or IMAP server compares crypt()'d ones and gives his response

Am I close enough to reality? Too far?

This is a correct description.

The only possible complication would be if your existing clients use one of the CRAM authentication methods. CRAM requires clear passwords. CRAM authentication must be disabled when using encrypted passwords.

_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
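
The flow confirmed in this thread, and the reason CRAM stops working once only hashed passwords are stored, as an added example (not part of the original messages and not Courier's own code). PBKDF2 stands in for crypt() here as an assumption, and all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for the crypt() stand-in


def store_password(password, salt=None):
    """Stand-in for crypt(): keep only a salt and a one-way hash of the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_plain_login(stored, submitted):
    """Plain login: the MUA sends the password, the server re-hashes and compares."""
    salt, digest = stored
    candidate = hashlib.pbkdf2_hmac("sha256", submitted.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def cram_md5_response(secret, challenge):
    """CRAM-MD5 (RFC 2195): hex HMAC-MD5 of the challenge, keyed with the shared secret."""
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()


def verify_cram_md5(server_secret, challenge, client_response):
    """Server side: recompute the response from whatever secret the database holds."""
    expected = cram_md5_response(server_secret, challenge)
    return hmac.compare_digest(expected, client_response)


def demo():
    password = "s3cret-example"                  # constructed sample password
    challenge = b"<1234.5678@mail.example.org>"  # constructed server challenge
    stored = store_password(password)            # what a hashed-password DB holds
    # The client keys the HMAC with the cleartext password it knows.
    client_response = cram_md5_response(password.encode(), challenge)
    return {
        # The password arrives in clear, so a hash-only database is enough.
        "plain_with_hash": verify_plain_login(stored, password),
        # A database holding the clear password can recompute the HMAC.
        "cram_with_cleartext": verify_cram_md5(password.encode(), challenge, client_response),
        # A hash-only database has no usable HMAC key, so CRAM fails.
        "cram_with_hash_only": verify_cram_md5(stored[1], challenge, client_response),
    }


if __name__ == "__main__":
    print(demo())
```

With plain logins the password itself crosses the wire, so the connection should be protected with TLS once CRAM is disabled.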
