Re: [vchkpw] vpopmail + dovecot
On 17-02-2011 01:03, Matt Brookings wrote:
> On 2/16/2011 6:46 PM, Sergio Rosa wrote:
>> Matt,
>> I've some posts you made regarding using the vpopmail driver, however I
>> found nothing explaining how to do it. I did a lot of googling but
>> without success (or right search words).
>> Can you detail/explain how to use/configure it?
>
> 2.0.9's default configs work with vpopmail already. All you have to do is
> include the vpopmail.conf.ext at the bottom of 10-auth.conf, and set the
> proper first_valid_uid/first_valid_gid in 10-mail.conf to the
> vpopmail:vchkpw IDs.
>
> You do not need to compile MySQL support into Dovecot, because the
> vpopmail driver handles whichever backend you have selected.
>
> Try that. If you're still having problems, please post logs detailing the
> problems Dovecot is having. Enable debugging in 10-logging.conf.
> --
> /*
> Matt Brookings m...@inter7.com GnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */

still no success.

Feb 17 10:18:40 mail-srv dovecot: master: Dovecot v2.0.9 starting up (core dumps disabled)
Feb 17 10:19:02 mail-srv dovecot: auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
Feb 17 10:19:02 mail-srv dovecot: auth: Fatal: Support not compiled in for passdb driver 'pam'
Feb 17 10:19:02 mail-srv dovecot: master: Error: service(auth): command startup failed, throttling
Feb 17 10:19:37 mail-srv dovecot: imap-login: Error: Timeout waiting for handshake from auth server. my pid=26497, input bytes=0
Feb 17 10:20:02 mail-srv dovecot: master: Error: service(auth): command startup failed, throttling
Feb 17 10:20:02 mail-srv dovecot: log: Error: service(auth): child 26529 returned error 89 (Fatal failure)

It seems that it is not connecting to mysql backend.
SELinux is disabled, mysql is running locally.

Thanks

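Added example (not part of the original message, and not Dovecot code): a small triage script run over the log lines quoted above. It separates the first Fatal line, which names the passdb driver the auth process could not load, from the Error lines that follow as a consequence. The function names and regular expressions are assumptions made for this illustration.

```python
import re

# The seven syslog lines quoted in the message above, copied unchanged.
LOG = """\
Feb 17 10:18:40 mail-srv dovecot: master: Dovecot v2.0.9 starting up (core dumps disabled)
Feb 17 10:19:02 mail-srv dovecot: auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
Feb 17 10:19:02 mail-srv dovecot: auth: Fatal: Support not compiled in for passdb driver 'pam'
Feb 17 10:19:02 mail-srv dovecot: master: Error: service(auth): command startup failed, throttling
Feb 17 10:19:37 mail-srv dovecot: imap-login: Error: Timeout waiting for handshake from auth server. my pid=26497, input bytes=0
Feb 17 10:20:02 mail-srv dovecot: master: Error: service(auth): command startup failed, throttling
Feb 17 10:20:02 mail-srv dovecot: log: Error: service(auth): child 26529 returned error 89 (Fatal failure)
"""

# timestamp, host, "dovecot:", service, optional severity, message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) dovecot: "
    r"(?P<service>[\w-]+): "
    r"(?:(?P<level>Debug|Info|Warning|Error|Fatal|Panic): )?(?P<msg>.*)$"
)
# Wording taken from the Fatal line in the log above: the loaded configuration
# names a passdb/userdb driver that this build does not include.
MISSING_DRIVER_RE = re.compile(
    r"Support not compiled in for (?P<kind>passdb|userdb) driver '(?P<driver>[^']+)'"
)


def parse(log):
    """Split Dovecot syslog lines into dicts; unparseable lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, log.splitlines()) if m]


def triage(log):
    """Return the first Fatal/Panic entry plus the Error lines that follow it."""
    entries = parse(log)
    for i, entry in enumerate(entries):
        if entry["level"] in ("Fatal", "Panic"):
            report = {
                "service": entry["service"],
                "root_cause": entry["msg"],
                "symptoms": [e["msg"] for e in entries[i + 1:]
                             if e["level"] == "Error"],
                "kind": None,
                "driver": None,
            }
            m = MISSING_DRIVER_RE.search(entry["msg"])
            if m:
                report.update(m.groupdict())
            return report
    return None


if __name__ == "__main__":
    r = triage(LOG)
    print("root cause (%s): %s" % (r["service"], r["root_cause"]))
    print("missing %s driver: %s" % (r["kind"], r["driver"]))
    print("%d follow-on errors" % len(r["symptoms"]))
```

On this log the root cause is a passdb block with driver pam that is still being loaded; the login timeouts and throttling messages only report that the auth service never started.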
Re: [vchkpw] vpopmail + dovecot
I will send you mine later today

Remo

Sent from iPhone

On 17 Feb 2011, at 18:27, Sérgio Rosa sergior...@awd.pt wrote:
> On 17-02-2011 01:03, Matt Brookings wrote:
>> On 2/16/2011 6:46 PM, Sergio Rosa wrote:
>>> Matt,
>>> I've some posts you made regarding using the vpopmail driver, however I
>>> found nothing explaining how to do it. I did a lot of googling but
>>> without success (or right search words).
>>> Can you detail/explain how to use/configure it?
>>
>> 2.0.9's default configs work with vpopmail already. All you have to do
>> is include the vpopmail.conf.ext at the bottom of 10-auth.conf, and set
>> the proper first_valid_uid/first_valid_gid in 10-mail.conf to the
>> vpopmail:vchkpw IDs.
>>
>> You do not need to compile MySQL support into Dovecot, because the
>> vpopmail driver handles whichever backend you have selected.
>>
>> Try that. If you're still having problems, please post logs detailing
>> the problems Dovecot is having. Enable debugging in 10-logging.conf.
>> --
>> /*
>> Matt Brookings m...@inter7.com GnuPG Key FAE0672C
>> Software developer Systems technician
>> Inter7 Internet Technologies, Inc. (815)776-9465
>> */
>
> still no success.
>
> Feb 17 10:18:40 mail-srv dovecot: master: Dovecot v2.0.9 starting up (core dumps disabled)
> Feb 17 10:19:02 mail-srv dovecot: auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
> Feb 17 10:19:02 mail-srv dovecot: auth: Fatal: Support not compiled in for passdb driver 'pam'
> Feb 17 10:19:02 mail-srv dovecot: master: Error: service(auth): command startup failed, throttling
> Feb 17 10:19:37 mail-srv dovecot: imap-login: Error: Timeout waiting for handshake from auth server. my pid=26497, input bytes=0
> Feb 17 10:20:02 mail-srv dovecot: master: Error: service(auth): command startup failed, throttling
> Feb 17 10:20:02 mail-srv dovecot: log: Error: service(auth): child 26529 returned error 89 (Fatal failure)
>
> It seems that it is not connecting to mysql backend.
> SELinux is disabled, mysql is running locally.
>
> Thanks

Re: [vchkpw] vpopmail + dovecot
here is mine..

cat /usr/local/etc/dovecot.conf

protocols = imap imaps
listen = *
verbose_proctitle = yes
disable_plaintext_auth = no
shutdown_clients = yes
syslog_facility = local7 #-- Ensure this is set up in syslog conf
ssl = yes
login_dir = /home/dovecot/
login_max_connections = 4096
login_greeting = Italy1 Server # -- CUSTOMISE FOR YOUR SITE
#default_mail_env = maildir:%h/Maildir
ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
first_valid_uid = 89
first_valid_gid = 89
#mail_location = maildir:~/Maildir

protocol imap {
  listen = *:143
  ssl_listen = *:993
  #mail_plugins = quota imap_quota
  #login_greeting_capability = no
  mail_plugin_dir = /usr/local/lib/dovecot/imap
  imap_client_workarounds = outlook-idle
}

auth_process_size = 512
auth_cache_size = 1024
auth_cache_ttl = 3600

auth default {
  passdb checkpassword {
    args = /home/vpopmail/bin/vchkpw
  }
  userdb prefetch {
  }
  userdb checkpassword {
    args = /home/vpopmail/bin/vchkpw
  }
  userdb static {
    args = uid=89 gid=89 home=/home/vpopmail/domains/%d/%u
  }
  count = 1
}

Re: [vchkpw] vpopmail + dovecot
Hi Remo,

thank you. It didn't work.
I went back to vpopmail driver and now it is working.

As Matt referred, all I had to change was this:

10-mail.conf:mail_uid = 89
10-mail.conf:mail_gid = 89
10-mail.conf:first_valid_uid = 89
10-mail.conf:last_valid_gid = 89

and magic happened.
IMAP is working like a charm.

On 17-02-2011 13:56, Remo Mattei wrote:
> here is mine..
>
> cat /usr/local/etc/dovecot.conf
>
> protocols = imap imaps
> listen = *
> verbose_proctitle = yes
> disable_plaintext_auth = no
> shutdown_clients = yes
> syslog_facility = local7 #-- Ensure this is set up in syslog conf
> ssl = yes
> login_dir = /home/dovecot/
> login_max_connections = 4096
> login_greeting = Italy1 Server # -- CUSTOMISE FOR YOUR SITE
> #default_mail_env = maildir:%h/Maildir
> ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
> ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
> first_valid_uid = 89
> first_valid_gid = 89
> #mail_location = maildir:~/Maildir
>
> protocol imap {
>   listen = *:143
>   ssl_listen = *:993
>   #mail_plugins = quota imap_quota
>   #login_greeting_capability = no
>   mail_plugin_dir = /usr/local/lib/dovecot/imap
>   imap_client_workarounds = outlook-idle
> }
>
> auth_process_size = 512
> auth_cache_size = 1024
> auth_cache_ttl = 3600
>
> auth default {
>   passdb checkpassword {
>     args = /home/vpopmail/bin/vchkpw
>   }
>   userdb prefetch {
>   }
>   userdb checkpassword {
>     args = /home/vpopmail/bin/vchkpw
>   }
>   userdb static {
>     args = uid=89 gid=89 home=/home/vpopmail/domains/%d/%u
>   }
>   count = 1
> }

--
AWD arquitectura web e design, lda
rua do moinho velho, 19 2ºdto
2655-242 ericeira
tlm +351 913 489 195
mail sergior...@awd.pt
url http://www.awd.pt

[vchkpw] vpopmail + dovecot
Hi all,

I'm near insanity trying to config dovecot as imap server.
I'm running vpopmail 5.4.26 with mysql backend.
It seems impossible to get dovecot 2.0.9 to work.

My dovecot.conf contains just this:

protocols = imap
!include conf.d/00-awd.conf

and 00-awd.conf contains:

auth_mechanisms = plain
log_path = syslog
syslog_facility = mail
auth_verbose = yes
auth_debug = yes
mmap_disable = yes
mail_fsync = always
mail_nfs_storage = yes
mail_nfs_index = yes
default_login_user = dovenull
default_internal_user = dovecot
service imap-login {
  inet_listener imap {
    port = 143
  }
}
ssl = no
!include awd-conf.ext

and awd-conf.ext

driver=mysql
connect = host=localhost dbname=vpopmail user=vuser password=vpass
default_pass_scheme = PLAIN
password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, \
  pw_clear_passwd AS password \
  FROM vpopmail \
  WHERE pw_name = '%n' AND pw_domain = '%d'
user_query = SELECT pw_dir as home, \
  89 AS uid, 89 AS gid \
  FROM vpopmail \
  WHERE pw_name = '%n' AND pw_domain = '%d'

but dovecot complains that driver= mysql is unknown.
Dovecot was compiled with --mysql --vpopmail

Please help.

Thanks,
sergio rosa

Re: [vchkpw] vpopmail + dovecot
I will send you mine later today. (traveling now)

Ciao

Re: [vchkpw] vpopmail + dovecot
Matt,

I've some posts you made regarding using the vpopmail driver, however I
found nothing explaining how to do it. I did a lot of googling but without
success (or right search words).
Can you detail/explain how to use/configure it?

Thank you

On 17/02/2011 00:12, Matt Brookings wrote:
> On 2/16/2011 6:09 PM, Sergio Rosa wrote:
>> and awd-conf.ext
>> driver=mysql
>
> Use the vpopmail driver.
> --
> /*
> Matt Brookings m...@inter7.com GnuPG Key FAE0672C
> Software developer Systems technician
> Inter7 Internet Technologies, Inc. (815)776-9465
> */

--
AWD arquitectura web e design, lda
rua do moinho velho, 19 2ºdto
2655-242 ericeira
tlm +351 913 489 195
mail sergior...@awd.pt
url http://www.awd.pt

Re: [vchkpw] vpopmail - dovecot - cluster configuration
Hi,

Thank you for response. My dovecot configuration is almost the same.
My question is: Is this functionality working at all? Have you tried it?
Try the situation when the master (write) database goes down (unreachable).
Are the other nodes still able to log in users (without the information
about last log in)?

Thanx

--
Best regards
Juraj Hantak

On 4. 1. 2010 16:39, Remo Mattei wrote:
> You should have pop and imap for dovecot :)
>
> Not sure your conf is correct, here is mine
>
> protocols = imap imaps
> listen = *
> disable_plaintext_auth = no
> shutdown_clients = yes
> syslog_facility = local7 #-- Ensure this is set up in syslog conf
> ssl_disable = no
> login_user = dovecot
> login_dir = /home/dovecot/
> login_max_connections = 4096
> login_greeting = Italy1 IMAP Server #-- CUSTOMISE FOR YOUR SITE
> #default_mail_env = maildir:%h/Maildir
> ssl_cert_file = /usr/local/etc/ssl/italy1-cert.pem
> ssl_key_file = /usr/local/etc/ssl/italy1.pem
> first_valid_uid = 89
> first_valid_gid = 89
>
> protocol imap {
>   listen = *:143
>   ssl_listen = *:993
>   #mail_plugins = quota imap_quota
>   #login_greeting_capability = no
>   mail_plugin_dir = /usr/local/lib/dovecot/imap
>   imap_client_workarounds = outlook-idle
> }
>
> auth_process_size = 512
> auth_cache_size = 1024
> auth_cache_ttl = 3600
>
> auth default {
>   mechanisms = plain
>   # vpopmail authentication
>   passdb vpopmail {
>     #args =
>   }
>   # vpopmail
>   userdb vpopmail {
>   }
>   user = root
> }
>
> dict {
>   #quota = mysql:/etc/dovecot-dict-quota.conf
> }
>
> plugin {
>   quota = maildir
> }
>
> On 1/4/10 02:58 , Juraj Hantak han...@webglobe.sk wrote:
>> Hi,
>>
>> We are using vpopmail - dovecot in a cluster configuration
>> (--enable-mysql-replication enabled).
>> Vpopmail is configured to use two connections (1 for reading, 1 for
>> writing).
>> Mysql replications are also configured and working.
>>
>> Using:
>> vpopmail 5.4.27
>> dovecot : 1.2.9
>>
>> Problem:
>> After the writing connection goes down, the authorization for users is
>> not working. We are getting timeouts for user authorizations.
>>
>> Please can you confirm that this cluster configuration is working with
>> dovecot without problem?
>>
>> We are getting:
>> dovecot: pop3-login: Can't connect to auth server at default: Resource temporarily unavailable
>>
>> At the same time vchkpw running over qmail was working well. (SMTP auth)
>>
>> In dovecot we have:
>>
>> auth default {
>>   mechanisms = plain
>>   passdb vpopmail {
>>   }
>>   userdb vpopmail {
>>   }
>>   user = vpopmail
>> }
>>
>> With courier imap there was not this problem.
>>
>> Thank you for any response.

Re: [vchkpw] vpopmail - dovecot - cluster configuration
Hi there,

I do not have any problems at all.

Ciao
Remo

On 1/5/10 02:48 , Juraj Hantak han...@webglobe.sk wrote:
> Hi,
>
> Thank you for response. My dovecot configuration is almost the same.
> My question is: Is this functionality working at all? Have you tried it?
> Try the situation when the master (write) database goes down
> (unreachable).
> Are the other nodes still able to log in users (without the information
> about last log in)?
>
> Thanx

[vchkpw] vpopmail - dovecot - cluster configuration
Hi,

We are using vpopmail - dovecot in a cluster configuration
(--enable-mysql-replication enabled).
Vpopmail is configured to use two connections (1 for reading, 1 for
writing).
Mysql replications are also configured and working.

Using:
vpopmail 5.4.27
dovecot : 1.2.9

Problem:
After the writing connection goes down, the authorization for users is not
working. We are getting timeouts for user authorizations.

Please can you confirm that this cluster configuration is working with
dovecot without problem?

We are getting:
dovecot: pop3-login: Can't connect to auth server at default: Resource temporarily unavailable

At the same time vchkpw running over qmail was working well. (SMTP auth)

In dovecot we have:

auth default {
  mechanisms = plain
  passdb vpopmail {
  }
  userdb vpopmail {
  }
  user = vpopmail
}

With courier imap there was not this problem.

Thank you for any response.

--
Best regards
Juraj Hantak

Re: [vchkpw] vpopmail - dovecot - cluster configuration
You should have pop and imap for dovecot :)

Not sure your conf is correct, here is mine

protocols = imap imaps
listen = *
disable_plaintext_auth = no
shutdown_clients = yes
syslog_facility = local7 #-- Ensure this is set up in syslog conf
ssl_disable = no
login_user = dovecot
login_dir = /home/dovecot/
login_max_connections = 4096
login_greeting = Italy1 IMAP Server # -- CUSTOMISE FOR YOUR SITE
#default_mail_env = maildir:%h/Maildir
ssl_cert_file = /usr/local/etc/ssl/italy1-cert.pem
ssl_key_file = /usr/local/etc/ssl/italy1.pem
first_valid_uid = 89
first_valid_gid = 89

protocol imap {
  listen = *:143
  ssl_listen = *:993
  #mail_plugins = quota imap_quota
  #login_greeting_capability = no
  mail_plugin_dir = /usr/local/lib/dovecot/imap
  imap_client_workarounds = outlook-idle
}

auth_process_size = 512
auth_cache_size = 1024
auth_cache_ttl = 3600

auth default {
  mechanisms = plain
  # vpopmail authentication
  passdb vpopmail {
    #args =
  }
  # vpopmail
  userdb vpopmail {
  }
  user = root
}

dict {
  #quota = mysql:/etc/dovecot-dict-quota.conf
}

plugin {
  quota = maildir
}

On 1/4/10 02:58 , Juraj Hantak han...@webglobe.sk wrote:
> Hi,
>
> We are using vpopmail - dovecot in a cluster configuration
> (--enable-mysql-replication enabled).
> Vpopmail is configured to use two connections (1 for reading, 1 for
> writing).
> Mysql replications are also configured and working.
>
> Using:
> vpopmail 5.4.27
> dovecot : 1.2.9
>
> Problem:
> After the writing connection goes down, the authorization for users is
> not working. We are getting timeouts for user authorizations.
>
> Please can you confirm that this cluster configuration is working with
> dovecot without problem?
>
> We are getting:
> dovecot: pop3-login: Can't connect to auth server at default: Resource temporarily unavailable
>
> At the same time vchkpw running over qmail was working well. (SMTP auth)
>
> In dovecot we have:
>
> auth default {
>   mechanisms = plain
>   passdb vpopmail {
>   }
>   userdb vpopmail {
>   }
>   user = vpopmail
> }
>
> With courier imap there was not this problem.
>
> Thank you for any response.

[vchkpw] vpopmail + Dovecot + CRAM-MD5 problem
Hi all,

I'm currently fine-tuning my qmail + vpopmail + Dovecot + MySQL
installation and I believe I've run into a problem. Dovecot is servicing
both IMAP and POP3, using MySQL as the authentication middle-man. It seems
however that vpopmail is storing its passwords as MD5-CRYPT in the MySQL
tables, while I want Dovecot to use CRAM-MD5. This seems to be the most
used authentication scheme by far, and I'd like to avoid using PLAIN or
LOGIN authentications as they're not up to my security standards.

When I try setting default_pass_scheme = CRAM-MD5 in dovecot-sql.conf,
Dovecot's auth worker complains with the following line:

Dec 11 12:31:52 onion dovecot: auth-worker(default): sql(r...@greyhat.nl,127.0.0.1): Password in passdb is not in expected scheme CRAM-MD5

Which makes sense, because the passwords are stored as MD5-CRYPT by
vpopmail. I assume that my setup is not unique in its kind, which makes me
wonder what I'm doing wrong here!

Any insights on how to make this work using CRAM-MD5 passwords throughout
the whole system would be greatly appreciated.

Bye,

Ro

Re: [vchkpw] vpopmail + Dovecot + CRAM-MD5 problem
Ro Achterberg wrote:
> Hi all,
>
> I'm currently fine-tuning my qmail + vpopmail + Dovecot + MySQL
> installation and I believe I've run into a problem. Dovecot is servicing
> both IMAP and POP3, using MySQL as the authentication middle-man. It
> seems however that vpopmail is storing its passwords as MD5-CRYPT in the
> MySQL tables, while I want Dovecot to use CRAM-MD5. This seems to be the
> most used authentication scheme by far, and I'd like to avoid using PLAIN
> or LOGIN authentications as they're not up to my security standards.
>
> When I try setting default_pass_scheme = CRAM-MD5 in dovecot-sql.conf,
> Dovecot's auth worker complains with the following line:
>
> Dec 11 12:31:52 onion dovecot: auth-worker(default): sql(r...@greyhat.nl,127.0.0.1): Password in passdb is not in expected scheme CRAM-MD5
>
> Which makes sense, because the passwords are stored as MD5-CRYPT by
> vpopmail. I assume that my setup is not unique in its kind, which makes
> me wonder what I'm doing wrong here!
>
> Any insights on how to make this work using CRAM-MD5 passwords throughout
> the whole system would be greatly appreciated.
>
> Bye,
>
> Ro

You will need to enable plain text passwords in the database to be able to
use cram-md5.

Re: [vchkpw] vpopmail + Dovecot + CRAM-MD5 problem
At 15:36 11-12-2009, Shane Chrisp wrote:
> Ro Achterberg wrote:
>> Hi all,
>>
>> I'm currently fine-tuning my qmail + vpopmail + Dovecot + MySQL
>> installation and I believe I've run into a problem. Dovecot is servicing
>> both IMAP and POP3, using MySQL as the authentication middle-man. It
>> seems however that vpopmail is storing its passwords as MD5-CRYPT in the
>> MySQL tables, while I want Dovecot to use CRAM-MD5. This seems to be the
>> most used authentication scheme by far, and I'd like to avoid using
>> PLAIN or LOGIN authentications as they're not up to my security
>> standards.
>>
>> When I try setting default_pass_scheme = CRAM-MD5 in dovecot-sql.conf,
>> Dovecot's auth worker complains with the following line:
>>
>> Dec 11 12:31:52 onion dovecot: auth-worker(default): sql(r...@greyhat.nl,127.0.0.1): Password in passdb is not in expected scheme CRAM-MD5
>>
>> Which makes sense, because the passwords are stored as MD5-CRYPT by
>> vpopmail. I assume that my setup is not unique in its kind, which makes
>> me wonder what I'm doing wrong here!
>>
>> Any insights on how to make this work using CRAM-MD5 passwords
>> throughout the whole system would be greatly appreciated.
>>
>> Bye,
>>
>> Ro
>
> You will need to enable plain text passwords in the database to be able
> to use cram-md5.

In dovecot-sql.conf, I tried setting default_pass_scheme to both PLAIN and
PLAIN-MD5, but neither of which seemed to work. I'm probably missing the
point.

Did you perhaps mean to have vpopmail store the user passwords in plain
text? I'm just checking, because to me it seems to lower security and it
seems to defeat the purpose of working with hashed passwords. Could you
please confirm this?

Bye,

Ro

Re: [vchkpw] vpopmail + Dovecot + CRAM-MD5 problem
Ro Achterberg wrote:
>> You will need to enable plain text passwords in the database to be able
>> to use cram-md5.
>
> In dovecot-sql.conf, I tried setting default_pass_scheme to both PLAIN
> and PLAIN-MD5, but neither of which seemed to work. I'm probably missing
> the point.
>
> Did you perhaps mean to have vpopmail store the user passwords in plain
> text? I'm just checking, because to me it seems to lower security and it
> seems to defeat the purpose of working with hashed passwords. Could you
> please confirm this?

Yes, that's what I meant by my comment. You need the plain text passwords
in the vpopmail database. Having plain text passwords in the database
doesn't necessarily lower the security as your database can be on a host
which is not accessible to anything but the authenticating machine.

Shane

Re: [vchkpw] vpopmail + Dovecot + CRAM-MD5 problem
At 16:07 11-12-2009, Shane Chrisp wrote:
> Ro Achterberg wrote:
>>> You will need to enable plain text passwords in the database to be able
>>> to use cram-md5.
>>
>> In dovecot-sql.conf, I tried setting default_pass_scheme to both PLAIN
>> and PLAIN-MD5, but neither of which seemed to work. I'm probably missing
>> the point.
>>
>> Did you perhaps mean to have vpopmail store the user passwords in plain
>> text? I'm just checking, because to me it seems to lower security and it
>> seems to defeat the purpose of working with hashed passwords. Could you
>> please confirm this?
>
> Yes, that's what I meant by my comment. You need the plain text passwords
> in the vpopmail database. Having plain text passwords in the database
> doesn't necessarily lower the security as your database can be on a host
> which is not accessible to anything but the authenticating machine.
>
> Shane

Thanks, I'll be trying that now. I agree with you on the security impact if
you in fact had the luxury of building a setup like that. Unfortunately
though, my colo box provides for a lot more than just an e-mail
authentication backend. I do however have it tightly locked down in a
rather complex chrooted setup on top of a grsec hardened kernel, so I won't
be worrying about it too much.

Thanks for your help!

Bye,

Ro

Re: [vchkpw] vpopmail + Dovecot + CRAM-MD5 problem
>> Did you perhaps mean to have vpopmail store the user passwords in plain
>> text? I'm just checking, because to me it seems to lower security and it
>> seems to defeat the purpose of working with hashed passwords. Could you
>> please confirm this?
>
> Yes, that's what I meant by my comment. You need the plain text passwords
> in the vpopmail database. Having plain text passwords in the database
> doesn't necessarily lower the security as your database can be on a host
> which is not accessible to anything but the authenticating machine.

Just to elaborate on the point, CRAM-MD5 authentication REQUIRES that the
passwords be stored as plaintext, as that's the only way to verify the MD5
hash provided by the client. Server sends the seed string, client
concatenates the seed and password (and maybe username, don't remember),
and sends the MD5 hash of that. Server then concats the seed it sent with
the known plaintext password and compares the MD5 hash it comes up with to
that which the client sends.

It's a tradeoff - keeping plaintext passwords on a (hopefully) secure
server vs allowing the client to send the password in plaintext over the
network (though possibly over an encrypted channel). I like it, but YMMV.

Josh

Joshua Megerman
SJGames MIB #5273 - OGRE AI Testing Division
You can't win; You can't break even; You can't even quit the game.
 - Layman's translation of the Laws of Thermodynamics
vpopm...@honorablemenschen.com

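Added example (not part of the thread, and not Dovecot or vpopmail code): the CRAM-MD5 exchange as RFC 2195 specifies it, where the client's response is the user name plus an HMAC-MD5 keyed with the password over the server's challenge. It checks the RFC's own test vector and shows why a passdb holding only a one-way hash cannot verify the response; the dict-based passdb, the function names, and the salted SHA-256 used as a stand-in for MD5-CRYPT are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import os
import time

# Test vector from RFC 2195, section 2.
RFC_USER = "tim"
RFC_SECRET = "tanstaaftanstaaf"
RFC_CHALLENGE = "<1896.697170952@postoffice.reston.mci.net>"


def make_challenge(hostname="mail.example.org"):
    """Fresh per-connection challenge: <random.timestamp@hostname>."""
    nonce = int.from_bytes(os.urandom(4), "big")
    return "<%d.%d@%s>" % (nonce, int(time.time()), hostname)


def client_response(user, password, challenge):
    """Client side: base64("user " + hex(HMAC-MD5(key=password, challenge)))."""
    digest = hmac.new(password.encode(), challenge.encode(),
                      hashlib.md5).hexdigest()
    return base64.b64encode(("%s %s" % (user, digest)).encode()).decode()


def verify(passdb, challenge, response_b64):
    """Server side: recompute the HMAC from the stored secret.

    passdb maps user name -> stored secret (hypothetical in-memory passdb).
    Returns the authenticated user name, or None.
    """
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode("utf-8")
        user, digest = decoded.rsplit(" ", 1)
    except ValueError:  # bad base64, bad UTF-8, or no "user digest" pair
        return None
    secret = passdb.get(user)
    if secret is None:
        return None
    expected = hmac.new(secret.encode(), challenge.encode(),
                        hashlib.md5).hexdigest()
    ok = hmac.compare_digest(expected.encode(), digest.encode())
    return user if ok else None


def one_way_hash(password, salt=b"constructed-salt"):
    """Stand-in for a one-way stored hash such as MD5-CRYPT (not MD5-CRYPT)."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


if __name__ == "__main__":
    resp = client_response(RFC_USER, RFC_SECRET, RFC_CHALLENGE)
    cleartext_db = {RFC_USER: RFC_SECRET}
    hashed_db = {RFC_USER: one_way_hash(RFC_SECRET)}
    print("response:", base64.b64decode(resp).decode())
    print("cleartext passdb:", verify(cleartext_db, RFC_CHALLENGE, resp))
    print("one-way-hash passdb:", verify(hashed_db, RFC_CHALLENGE, resp))
    print("replay on new challenge:", verify(cleartext_db, make_challenge(), resp))
```

The password never crosses the wire and a captured response is useless against a fresh challenge, but the server has to hold a secret equivalent to the password, which is the tradeoff discussed in this thread.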