It would be nice if the learn-password feature was moved into vpopmail so
that Courier-Authlib could support the learning.

I don't really know why people are so keen on Dovecot.  Is it because it is
part of RH now?  I'm sticking with Courier-IMAP because Dovecot isn't mature
enough and Courier-IMAP has been good to me in the past. 

As for the auto-learning CRAM-MD5, I'm LOL at myself on that one.  I
understand how CRAM-MD5 works yet I still had a total brain-fart.  Oh

-----Original Message-----
From: Tom Collins [mailto:[EMAIL PROTECTED] 
Sent: Monday, April 14, 2008 10:00 PM
Subject: Re: [vchkpw] not auto-learning passwords

On Apr 14, 2008, at 3:46 PM, D. Hilbig wrote:
> If I do a plaintext login which will check against the hashed password
> stored in the SQL table, I can login with any password.  However, a  
> login (which checks against the clear password) with any password  
> will fail.
> If both the hashed password and clear password in the SQL table are  
> (empty), I'd expect the behavior to be the same regardless of CRAM- 
> MD5 or
> plaintext.

IIRC, this was intentional.  It's impossible to learn a password via  
CRAM-MD5, so we fail until we can learn a password through some other  

Password learning happens in vchkpw, but I guess it should move into  
vpopmail so any app calling the API can have a password "learned".

And to those who recommend Dovecot, it probably doesn't do learning  
either, for the same reasons.

I just checked courier 3.0.8, and it looks like it should update the  
password...  I checked dovecot 1.0.10, and found this, "Thanks to  
Courier-IMAP for showing how the vpopmail API should be used".  It  
doesn't appear to have code that updates the password.

Unfortunately, there's no way to update libvpopmail to have it learn  
the password.  We'll have to update the individual apps (courier and  
dovecot) and get the maintainers to accept the changes into the next  



Reply via email to