On Wed, 2008-12-31 at 01:31 +0200, Timo Sirainen wrote: > > - CRAM-MD5 and APOP request/response handler stealing is pretty > > evil, especially with the duplicated structs. I'm sure there's a > > better way, although probably requires larger changes. > > Maybe a new passdb_module_interface.verify_challenge_response() method > which is used if lookup_credentials=NULL. I know passdb checkpassword > could also support a similar feature.
I did some cleanup changes to v1.2 auth code that makes this slightly easier. Then I started also the rest of it but it was getting more complex than I thought initially, so I ended up just saving the non-working patch: http://dovecot.org/patches/1.2/auth-verify-response.diff I think I'll release v1.2 without your patches. I had hoped v1.2.0 would have been released already and I don't really want to cause any more delays to it.
signature.asc
Description: This is a digitally signed message part