Why not do what most suggest now days, thats dump courier and use Dovecot, read the archives...


On 15/04/08 13:33:21, D. Hilbig wrote:

Even with v5.4.26d the problem persists.  Courier-Authlib's
authchkvpw
simply will not auto-learn the password when performing a plaintext
login
and authentication will simply fail when doing a CRAM-MD5 login.

On the plus side, the vchkpw executable that I'm using with
qmail-smtpd does
auto-learn the password.  Unfortunately, many of my users don't
authenticate
to SMTP so I'm dependent on Authlib to do the auto-learn.


-----Original Message-----
From: D. Hilbig [mailto:[EMAIL PROTECTED]
Sent: Monday, April 14, 2008 3:46 PM
To: vchkpw@inter7.com
Subject: RE: [vchkpw] not auto-learning passwords


Since Courier's authentication functions are now external to its
IMAP and
POP3 services, the results are always going to be the same.

I also just discovered another bug when testing the auto-learning
password
feature.  It has to do with CRAM-MD5 authentication.

If I do a plaintext login which will check against the hashed
password
stored in the SQL table, I can login with any password.  However, a
CRAM-MD5
login (which checks against the clear password) with any password
will fail.
If both the hashed password and clear password in the SQL table are
NULL
(empty), I'd expect the behavior to be the same regardless of
CRAM-MD5 or
plaintext.

Well, I'm going to upgrade to v5.4.26d and then recompile
Courier-auth.
I'll let you know if anything changes.

Wouldn't it be funny if the "--enable-sql-logging" option which
reportedly
is the cause of another problem I'm having is also the source of
this
problem?





!DSPAM:4804238d120502165733896!

Reply via email to