On Sat, 20 Oct 2001, Ken Murchison wrote:

> There is no way with SASL v1.5 because sasldb stores an intermediate
> value used in CRAM-MD5, not the plaintext password. In SASL v2 sasldb
> stores only plaintext passwords, so it *might* be possible to use
> pwcheck/saslauthd to do non-plaintext mechs. You'll have to check with
> Rob Siemborski about this.

No, it is not possible to use CRAM-MD5 (or DIGEST-MD5) with pwcheck/saslauthd, because the mechanism needs to be able to compute the secret which is used from the plaintext. saslauthd and pwcheck both will only verify a password (as in, return 'YES' or 'NO'), they will not return the password itself (or a secret) which is what is necessary to authenticate the user.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski | Andrew Systems Group * Cyert Hall 235 * 412-CMU-TREK | Cyrus SASL Developer, /usr/contributed Gatekeeper
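Added example, not part of the original message and not Cyrus SASL code: the server side of a CRAM-MD5 check run against a backend that returns the stored secret and against one that only answers YES/NO, as the reply describes for pwcheck/saslauthd. The user, password, challenge and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data (not from the original thread).
USERS = {"alice": "correct horse"}
CHALLENGE = b"<1234.1003600000@mail.example.org>"

def client_response(user, password, challenge):
    """CRAM-MD5 client step: send user and HMAC-MD5(key=password, msg=challenge)."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{user} {digest}"

def secret_lookup(user):
    """Hypothetical backend that returns the stored secret to the server."""
    return USERS.get(user)

def verify_only(user, password):
    """Hypothetical model of a pwcheck/saslauthd-style check: YES/NO only."""
    stored = USERS.get(user)
    return stored is not None and hmac.compare_digest(
        stored.encode(), password.encode())

def server_verify_with_secret(challenge, response):
    """Works: the server recomputes the digest from the secret it can read."""
    user, _, digest = response.partition(" ")
    secret = secret_lookup(user)
    if secret is None:
        return False
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())

def server_verify_with_oracle(challenge, response):
    """Cannot work: the server holds only a digest, and the backend accepts
    only a candidate password. The digest is not the password, so the one
    call available answers NO even for the legitimate user."""
    user, _, digest = response.partition(" ")
    return verify_only(user, digest)

if __name__ == "__main__":
    resp = client_response("alice", "correct horse", CHALLENGE)
    print("with secret lookup:", server_verify_with_secret(CHALLENGE, resp))
    print("with YES/NO backend:", server_verify_with_oracle(CHALLENGE, resp))
    print("plaintext via YES/NO backend:", verify_only("alice", "correct horse"))
```

The YES/NO backend still works for plaintext logins, because there the server has the password itself to hand over; with CRAM-MD5 the password never crosses the wire.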