I can't believe that it will not be possible. If i read the rfc 2195 there is all I need to catch the challenge which is sent to the client to calculate the answer. Then I can set up a comparison.
Can sb. help me - How can I get the challenge in a exim variable ? Thanks for any reply in advance. Thomas. Zitat von Phil Pennock <[EMAIL PROTECTED]>: > On 2008-05-12 at 21:46 +0200, Thomas Baumann wrote: >> I hope sb can help me. I've got problems with smtp_auth and cram_md5. >> >> In my MYSQL database the passwords are stored as a md5_hex hash, >> caculated by > > That's the problem. In short: you can't. > > CRAM-MD5 fundamentally needs either the plaintext password available to > the server, or a special intermediate value, an HMAC-MD5 context based > on the password, which is *not* the same as the md5_hex hash. > > You can't use CRAM-MD5 with md5-stored passwords. > > Mostly, if the server keeps the password encrypted in a strong form > that's not special to a particular authentication protocol (eg, storing > the relevant MD5 context needed for CRAM-MD5) then you need the > authentication protocol to have the client send the password to the > server. If you don't want the client to send the password, then the > server needs access to the password. ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
