On Mon, 2008-01-07 at 23:59 +0100, Frank Kintrup wrote:
> Manually altering the users password in the database to "{PLAIN}xxxx"
> (where "xxxx" is the user's password WITH curly braces) fixed this problem
> for me at this time, but the time a user chooses such a strange password
> I would have to edit the table again. So in my opinion the {SCHEME}-prefix
> is not a useful thing. Why would anyone need it, anyway? Shouldn't all
> passwords have the same scheme which is set in the dovecot.conf file once?
Often they are, but there are installations which use multiple schemes.
For example otherwise it would be pretty much impossible to change a
scheme for an existing installation.
> If the feature is indeed used: with a database lookup it should be
> replaced by an optional database field or, if that's not possible, it
> should be possible to disable this feature from the config file.
It's possible since v1.0.8. I guess I should write about this to wiki as
well:
+ Authentication: Added "password_noscheme" field that can be used
instead of "password". "password" treats "{prefix}" as a password
scheme while "password_noscheme" treats it as part of the password
itself. So "password_noscheme" should be used if you're storing
passwords as plaintext. Non-plaintext passwords never begin
with "{", so this isn't a problem with them.
signature.asc
Description: This is a digitally signed message part
