On Sunday 14 September 2003 15:47, Gal Goldschmidt wrote:
> Hi,
>
> Both DIGEST-MD5 and CRAM-MD5 require the password to be stored on the
> server in clear text(!).
As I understand, this is only required so that the authentication agent (be it
sasl, pam or whatever) can encode the password in MD5. is it possible to
store the password on the server already encoded in MD5 ? that would be the
best solution IMO.
> The best and easy solution: use plain and login with SSL/TLS, with the
> added bonus of security to the E-mail itself and not only the login.
Yes, but I want also to be able to support MD5 based auth for people who
can't/won't use SSL/TLS.
Thanks.
--
Oded
::..
"Never let a sense of social ethics get in the way of doing what's right."
-- Matthew Wallace
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
