38 messages in net.sourceforge.lists.courier-usersRe: [courier-users] ESMTP Auth and LD...
FromSent OnAttachments
Bill LongFeb 18, 2003 10:36 pm 
Gordon MessmerFeb 18, 2003 11:32 pm 
Bill LongFeb 19, 2003 12:00 am 
Matt PavlovichFeb 19, 2003 8:29 am 
Brian CandlerFeb 19, 2003 12:40 pm 
Matt PavlovichFeb 19, 2003 12:58 pm 
Brian CandlerFeb 19, 2003 1:41 pm 
Matt PavlovichFeb 19, 2003 2:22 pm 
Sam VarshavchikFeb 19, 2003 3:03 pm 
Sam VarshavchikFeb 19, 2003 3:05 pm 
Brian CandlerFeb 19, 2003 3:06 pm 
Brian CandlerFeb 19, 2003 3:27 pm 
Gordon MessmerFeb 19, 2003 4:09 pm 
Kurt BiglerFeb 19, 2003 4:18 pm 
Gordon MessmerFeb 19, 2003 4:37 pm 
Jeff PotterFeb 19, 2003 5:35 pm 
Jason HaarFeb 19, 2003 6:16 pm 
John RuddFeb 19, 2003 9:54 pm 
Gordon MessmerFeb 19, 2003 11:18 pm 
John RuddFeb 20, 2003 12:15 am 
John RuddFeb 20, 2003 1:06 am 
Brian CandlerFeb 20, 2003 2:27 am 
Brian CandlerFeb 20, 2003 2:37 am 
Brian CandlerFeb 20, 2003 5:01 am 
Brian CandlerFeb 20, 2003 5:13 am 
John RuddFeb 20, 2003 5:56 am 
John RuddFeb 20, 2003 6:13 am 
John RuddFeb 20, 2003 6:17 am 
Brian CandlerFeb 20, 2003 7:23 am 
Gordon MessmerFeb 20, 2003 7:51 am 
Matt PavlovichFeb 20, 2003 8:53 am 
Gordon MessmerFeb 20, 2003 9:09 am 
Eduardo RoldanFeb 20, 2003 10:28 am 
Jason HaarFeb 20, 2003 11:21 am 
Patrik NilssonFeb 20, 2003 2:10 pm 
Brian CandlerFeb 20, 2003 2:14 pm 
Sam VarshavchikFeb 20, 2003 3:06 pm 
Sam VarshavchikFeb 20, 2003 3:08 pm 
Actions with this message:
Paste this link in email or IM:
Paste this link in email or IM:
Atom feed for this thread
Paste this URL into your reader:
Subject:Re: [courier-users] ESMTP Auth and LDAP problemsActions...
From:Matt Pavlovich (mp@algx.net)
Date:Feb 19, 2003 12:58:44 pm
List:net.sourceforge.lists.courier-users

Does the CRAM-SHA1 process hand a string that the mail server can eventually extract a 'normal' SHA1 hash out of?

If so, then it would be trivial to support SHA1 hash compares if the password hash is stored as SHA1 in the directory server. Storing clear text passwords sucks, legal departments and mgmt frown on it..

Matt Pavlovich

On Wed, 2003-02-19 at 14:38, Brian Candler wrote:

On Wed, Feb 19, 2003 at 10:28:56AM -0600, Matt Pavlovich wrote:

How does CRAM-SHA1 differ from a standard SHA1 hash?

SHA1 is just a hash; CRAM-SHA1 is a mechanism for authenticating someone using a challenge-response exchange, which happens to use SHA1 as part of its protocol.

CRAM-MD5 is documented in RFC2195, which was "deliberately written to permit easy upgrading to use SHA" (so I'm not sure if there's a separate document on CRAM-SHA1 per se).

Regards,

Brian.

-- Matt Pavlovich <mp@algx.net> Allegiance Telecom, Inc.