At 16:07 11-12-2009, Shane Chrisp wrote:
Ro Achterberg wrote:

You will need to enable plain text passwords in the database to be able to use cram-md5.

In dovecot-sql.conf, I tried setting default_pass_scheme to both PLAIN and PLAIN-MD5, but none of which seemed to work. I'm probably missing the point.

Did you perhaps mean to have vpopmail store the user passwords in plain text? I'm just checking, because to me it seems to lower security and it seems to defeat the purpose of working with hashed passwords. Could you please confirm this?

Yes, thats what I meant by my comment. You need the plain text passwords in the vpopmail database. Having plain text passwords in the database doesn't necessarily lower the security as your database can be on a host which is not accessable to anything by the authenticating machine.


Thanks, I'll be trying that now. I agree with you on the security impact if you in fact had the luxury of building a setup like that. Unfortuntaly though, my colo box provides for a lot more than just an e-mail authentication backend.

I do however have it tightly locked down in a rather complex chrooted setup on top of a grsec hardened kernel, so I won't be worrying about it too much.

Thanks for your help!

Bye, Ro


Reply via email to