Patch is attached. User can now choose between cram-md5 and plain authentication. If no option is chosen, it defaults to cram-md5 - which is backwards compatible.
Br Rasmus Skaarup
auth_flat_file.patch
Description: Binary data
On 18/02/2010, at 22.45, Rasmus Skaarup wrote: > > Gmail apparently only supports AUTH PLAIN. > > But why their mail servers responds with "AUTH CRAM-MD5" and proceeds with a > plain mechanism is not really playing nice. > > I added support for the plain mechanism in the auth_flat_file plugin (which > was rather easy - why isn't this a selectable feature? Should I post a > patch?) so my mail server now tells "AUTH CRAM-MD5 PLAIN" and Gmail now > chooses "AUTH PLAIN" and authentication succeeds. > > Br > Rasmus > > > On 16/02/2010, at 18.33, Baltasar Cevc wrote: > >> Hi Rasmus, >> >>> ... >>> @400000004b7ac0e606cba59c 44729 running plugin (auth-cram-md5): >>> auth::auth_flat_file >>> @400000004b7ac0e606cd9d84 44729 auth::auth_flat_file plugin: Authentication >>> for: <secretu...@secretdomain.invalid> >>> @400000004b7ac0e606cfeb5c 44729 trying to get config for flat_auth_pw >>> @400000004b7ac0e606d51b7c 44729 auth::auth_flat_file plugin: passClear NOT >>> defined >>> @400000004b7ac0e606d80594 44729 auth::auth_flat_file plugin: passHash >>> defined: 5a8cf0b98d4e09d155f6cd64f5b708fb - >>> <87e78.4b7ac...@denene.dvconsulting.dk> - 7a66033f5c7208945ad2c36b9e92100c >>> @400000004b7ac0e606db265c 44729 Plugin auth::auth_flat_file, hook >>> auth-cram-md5 returned DENY, authflat/cram-md5 - wrong password >>> @400000004b7ac0e606de04bc 44729 535 Authentication failed for >>> m...@dvconsulting.dk - authflat/cram-md5 - wrong password >>> @400000004b7ac0e606e196cc 44729 Authentication failed for >>> m...@dvconsulting.dk - authflat/cram-md5 - wrong password >> ... >> I don't use the auth plugins myself, but maybe this general information will >> help you as I've noticed the corresponding error in your trace: >> If you want to use the MD5-mechanisms, you need a clear-text password. Only >> plain and login will function with a password hash. Be sure that your server >> only announces mechanims that are supported for all users - the announcement >> takes place before the user is known, thus if you have one single user >> without a plaintext password, it would be unable to login otherwise (the >> client would probably try CRAM-MD5 and then - by definition - fail to >> authenticate). >> >> Cheers, >> Baltasar >> >> ((( Baltasar Cevc >> >> >> ) World wide web: >> # http://www.openairkino.net/ (a project for the local youth; German only) >> # http://technik.juz-kirchheim.de/ (programming and admin projects) >> # http://baltasar.cevc-topp.de/ (private homepage) >> ) Phone: >> +49 178 691 22 33 >> ) >> >> >> >> >> >
