search for: response_authentication

...last time I looked cram-md5 was the only candidate for not transferring the password in cleartext during authentication (and with dovecot cram-md5 requires a special passwd file, which is why I wrote this pam module in the first place). References: [1] <https://en.wikipedia.org/wiki/Challenge?response_authentication>

This is a PAM module that listens for password changes, and will update the MD5 password for a user, in a file that dovecot can read, when the user's password is changed: https://github.com/steinarb/pam_dovecotmd5pwd Caveat emptor! (Works for me...! :-) )

...as the only candidate for not > transferring the password in cleartext during authentication (and with > dovecot cram-md5 requires a special passwd file, which is why I wrote > this pam module in the first place). > > References: > [1] <https://en.wikipedia.org/wiki/Challenge?response_authentication> Is there some reason you cannot protect your users with TLS/SSL? Using CRAM-MD5 is not very secure option, since you have to store the password in clear text. Plain MD5 is almost plaintext these days. Aki