Mark Powell wrote:
It seems that cram-md5 requires that the client has a plaintext copy of the real password. Am I correct? If so then authldap could never provide cram-md5 support?
Yup! It's not a great design, but to be generous, cram-md5 was not intended to be used with a distributed authentication database. It's really only intended to prevent cleartext passwords from passing over the wire.
John
