* Jared Seipel <[EMAIL PROTECTED]> [2004-02-27 18:46]:
> Anyway, this did the trick, beside the fact that the CRAM-MD5
> authenticates against the clear text password and the particular client
> that is asking for this has requested clear passwords disabled.  Oh Well.

This is a technical problem. You cannot have CRAM-MD5 without clear
passwords. Impossible. Tell your customer to read the specs.

http://www.ietf.org/rfc/rfc2104.txt

In CRAM-MD5 the server sends the client a token for authentication. Both
calculate:

HMAC = MD5 (( password XOR opad ), MD5 (( password XOR ipad ), token))

and compare the results. How should the server calculate the HMAC
without knowing the password?

Alex

> Thanks a lot for the help!

You are welcome.

-- 
Alex Pleiner
zeitform Internet Dienste         Fraunhoferstrasse 5
                                  64283 Darmstadt, Germany
http://www.zeitform.de            Tel.: +49 (0)6151 155-635
mailto:[EMAIL PROTECTED]        Fax:  +49 (0)6151 155-634
GnuPG/PGP Key-ID: 0x613C21EA
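
The calculation described in the message above, written out as an added example (not part of the original thread). The user name, password and challenge are the sample values from RFC 2195, the CRAM-MD5 specification; the function names are illustrative. It shows the server recomputing the HMAC from the stored password, and failing when it only holds a one-way hash of it.

```python
import base64
import hashlib
import hmac

BLOCK = 64  # MD5 block size in bytes (RFC 2104)

def hmac_md5_manual(password: bytes, token: bytes) -> str:
    """MD5((K xor opad) || MD5((K xor ipad) || token)), as in the formula above."""
    key = hashlib.md5(password).digest() if len(password) > BLOCK else password
    key = key.ljust(BLOCK, b"\x00")          # zero-pad the key to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.md5(ipad + token).digest()
    return hashlib.md5(opad + inner).hexdigest()

def client_response(user: str, password: str, challenge_b64: str) -> str:
    """Client side: base64("user hexdigest") over the decoded challenge."""
    token = base64.b64decode(challenge_b64)
    digest = hmac_md5_manual(password.encode(), token)
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def server_verify(stored_secret: str, challenge_b64: str, response_b64: str) -> bool:
    """Server side: recompute the HMAC from what it has stored and compare."""
    _user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    token = base64.b64decode(challenge_b64)
    expected = hmac.new(stored_secret.encode(), token, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())

# Sample values from RFC 2195 (not from this thread).
USER = "tim"
PASSWORD = "tanstaaftanstaaf"
CHALLENGE = base64.b64encode(b"<1896.697170952@postoffice.reston.mci.net>").decode()
# What a server would hold if it stored only a one-way hash of the password.
HASHED_ONLY = hashlib.md5(PASSWORD.encode()).hexdigest()

if __name__ == "__main__":
    resp = client_response(USER, PASSWORD, CHALLENGE)
    print("response:", resp)
    print("server with clear password:", server_verify(PASSWORD, CHALLENGE, resp))
    print("server with hashed password:", server_verify(HASHED_ONLY, CHALLENGE, resp))
```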
