Hello Timo,

On Wed., Apr 08, 2009, Timo Sirainen wrote:
>On Thu, 2009-04-09 at 00:31 +0200, dovecotl...@encambio.com wrote:
>> I've already verified that this works correctly with plaintext
>> (CLEARTEXT in slapd.conf), but I really want to store the passwords
>> in LDAP using some hash. Why doesn't LDAP-MD5 work as advertised?
>
>Because it's impossible to support it. Read
>http://wiki.dovecot.org/Authentication/Mechanisms
>
>> What did the author mean by 'properly hashed passwords'? Thanks.
>
>I made it a link now to
>http://wiki.dovecot.org/Authentication/PasswordSchemes#Non-plaintext_authentication_mechanisms
>

The new text clears up the confusion. Before, it sounded as if at least
CRAM-MD5 could be implemented with MD5-encoded password storage.

I suppose if LDAP could store passwords in CRAM-MD5 format (whatever
that is) then this goal would be achievable. Reading slapd.conf(5), it
seems LDAP can only store {SSHA}, {SHA}, {SMD5}, {MD5}, {CRYPT}, and
{CLEARTEXT}. It's probably in the RFC, and CRAM-MD5 is missing from
the list.

How sad.

-- 
Eduard
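
The point behind the quoted "impossible to support" answer, as an added example that is not part of the original message or of Dovecot's code: a CRAM-MD5 response is an HMAC-MD5 keyed with the password itself, so a server holding only an LDAP {MD5} value cannot recompute it, while a PLAIN/LOGIN check against the same {MD5} value works. The user name, password, challenge and function names are constructed for illustration, and the sample password is shorter than MD5's 64-byte block.

```python
import base64
import hashlib
import hmac


def client_response(user, password, challenge):
    """CRAM-MD5 client reply: base64("user " + hex(HMAC-MD5(key=password, msg=challenge)))."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def ldap_md5(password):
    """LDAP {MD5} userPassword value: base64 of the raw MD5 digest of the password."""
    raw = hashlib.md5(password.encode()).digest()
    return "{MD5}" + base64.b64encode(raw).decode()


def verify_cram(response, secret, challenge):
    """Server-side CRAM-MD5 check using whatever bytes the server holds as the HMAC key."""
    _user, _, got = base64.b64decode(response).decode().rpartition(" ")
    expected = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(got, expected)


def verify_plain(stored, password):
    """PLAIN/LOGIN check: the server receives the password and can re-hash it."""
    return hmac.compare_digest(stored, ldap_md5(password))


def demo():
    challenge = b"<1234.5678@mail.example.org>"  # constructed sample challenge
    password = "correct horse"                   # constructed sample password
    response = client_response("alice", password, challenge)
    stored = ldap_md5(password)
    raw_digest = base64.b64decode(stored[len("{MD5}"):])
    return {
        "cram_with_plaintext": verify_cram(response, password.encode(), challenge),
        "cram_with_md5_digest": verify_cram(response, raw_digest, challenge),
        "cram_with_md5_string": verify_cram(response, stored.encode(), challenge),
        "plain_with_md5": verify_plain(stored, password),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```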