dovecot - Dec 2011 - APOP and AuthDatabase/SQL

Hi,

We're running dovecot 1.2.15 and use SQL authentication. We'd like to
be able to support APOP, but can't see how this would fit in with SQL
auth.

Currently we have:

password_query = SELECT email as user, password FROM virtual_users
WHERE  email='%u' or (email LIKE '%n@%%' AND
unhashed='%w')

It seems that in order to auth APOP logins, we'd need to access
variables containing the authentication string sent by the client, and
also variables containing the auth string sent in the POP3 greeting.

Incidentally, the RFC (1939) suggests using:

     <pid.time at hostname>

 for the greeting, but it looks as if dovecot uses something else? I'm
seeing greetings such as:

+OK Dovecot ready.
<260f.4abcc.4ef11550.cJD6sQSUSnmPS1B/5RGF0Q==@myhostname.com>

base64 encoding?

Thanks in advance,
Peter Smith

On 21.12.2011, at 1.08, Peter Smith wrote:
> We're running dovecot 1.2.15 and use SQL authentication. We'd like
to
> be able to support APOP, but can't see how this would fit in with SQL
> auth.
> 
> Currently we have:
> 
> password_query = SELECT email as user, password FROM virtual_users
> WHERE  email='%u' or (email LIKE '%n@%%' AND
unhashed='%w')
> 
> It seems that in order to auth APOP logins, we'd need to access
> variables containing the authentication string sent by the client, and
> also variables containing the auth string sent in the POP3 greeting.
The only way to get it working is to have the password_query return the password
in plaintext, so Dovecot can do the APOP check. There's no way to get the
APOP greeting string.