- DIGEST-MD5: Should be quite secure by itself. It also supports
integrity protecting and crypting the rest of the communication, but
we don't support those yet.
+ - CRAM-MD5: Protects the secret in transit from eavesdroppers. Doesn't
+ provide any integrity guarantees.
- ANONYMOUS: No authentication required. User will be logged in as the user
specified by auth_anonymous_username setting (default "anonymous"). There's
no special restrictions given for anonymous users so you have to make sure
- PLAIN: Although not that good idea, it enables support for all current
and future authentication mechanisms.
+ - HMAC-MD5: HMAC-MD5 context of password, for the CRAM-MD5 mechanism.
- DIGEST-MD5: MD5 sum of "user:realm:password", as required by DIGEST-MD5
mechanism.
auth default {
# Space separated list of wanted authentication mechanisms:
- # plain digest-md5 anonymous
+ # plain digest-md5 cram-md5 anonymous
mechanisms = plain
# Where user database is kept:
static const char *get_cram_challenge(void)
{
- char buf[17];
+ unsigned char buf[17];
size_t i;
hostpid_init();
buf[i] = (buf[i] % 10) + '0';
buf[sizeof(buf)-1] = '\0';
- return t_strdup_printf("%s.%s@%s", buf, dec2str(ioloop_time),
- my_hostname);
+ return t_strdup_printf("<%s.%s@%s>", (const char *) buf,
+ dec2str(ioloop_time), my_hostname);
}
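Review bot: The digit mapping `buf[i] = (buf[i] % 10) + '0';` is slightly biased, because 256 is not a multiple of 10 and the digits 0-5 come out more often than 6-9. Making buf `unsigned char` removes the negative remainders, but the challenge's uniqueness and unpredictability still rest on these 16 digits, so I would either redraw bytes >= 250 before the modulo or hex-encode the random bytes instead. The lines that fill buf and the loop header are not visible in this hunk, so the source of the random bytes cannot be confirmed from here. A comment above the function such as `/* challenge must be unique per request, see RFC 2195 */` would record the requirement.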
static int verify_credentials(struct cram_auth_request *auth,
case PASSDB_CREDENTIALS_CRYPT:
return "CRYPT";
case PASSDB_CREDENTIALS_CRAM_MD5:
- return "CRAM-MD5";
+ return "HMAC-MD5";
case PASSDB_CREDENTIALS_DIGEST_MD5:
return "DIGEST-MD5";
}
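Review bot: Changing the scheme string for `PASSDB_CREDENTIALS_CRAM_MD5` from "CRAM-MD5" to "HMAC-MD5", together with the matching `strcasecmp(scheme, "HMAC-MD5")` tests later in the patch, appears to leave no path for credentials already stored under the old name. Whether the old name is still accepted elsewhere is not visible here, so this is worth confirming before release. If it is not accepted, those users would presumably fail authentication after an upgrade. Consider accepting both spellings in the lookups, e.g. `if (strcasecmp(scheme, "HMAC-MD5") == 0 || strcasecmp(scheme, "CRAM-MD5") == 0)`, or state the required migration in the documentation. The function enclosing this switch starts outside the hunk.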
-/* Copyright (C) 2003 Timo Sirainen */
+/* Copyright (C) 2003 Timo Sirainen / Joshua Goodall */
#include "lib.h"
#include "md5.h"
if (strcasecmp(scheme, "PLAIN") == 0)
return strcmp(password, plaintext) == 0;
+ if (strcasecmp(scheme, "HMAC-MD5") == 0) {
+ str = password_generate_cram_md5(plaintext);
+ return strcmp(str, password) == 0;
+ }
+
if (strcasecmp(scheme, "DIGEST-MD5") == 0) {
/* user:realm:passwd */
realm = strchr(user, '@');
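Review bot: The new HMAC-MD5 branch checks the stored credential with `strcmp(str, password) == 0`, which stops at the first differing byte, so its running time depends on how much of the computed value matches the stored one. For a credential check I would first compare the lengths, then walk the whole string OR-ing the byte differences and test the result once at the end. The match is also case-sensitive, so a stored value in upper-case hex would presumably never verify. Whether `password_generate_cram_md5()` emits lower-case hex is not visible here, and a comment stating the expected stored format would help. The enclosing function begins and ends outside this hunk.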
if (strcasecmp(scheme, "PLAIN") == 0)
return plaintext;
- if (strcasecmp(scheme, "CRAM-MD5") == 0)
+ if (strcasecmp(scheme, "HMAC-MD5") == 0)
return password_generate_cram_md5(plaintext);
if (strcasecmp(scheme, "DIGEST-MD5") == 0) {