Hi Odhiambo, Sorry for not replying back to you sooner. I've been away on vacation for several weeks and just got back home. The cleartext password dates back to the original Vexim code as Avleen Vig recently stated on the Vexim Mailing list: "Indeed. The storage of the 'clear' field was something one company requested way back in 2003 I think. In hindsight it was a *terrible* idea, but I was young and naive at the time." See: http://silverwraith.com/pipermail/vexim/2013-July/000691.html In any event, I agree with you and Avleen that we need to get rid of the cleartext password. Have you achieved any progress using crypt with dovecot? Here is a "Howto" on disabling saving of passwords in clear text with Vexim: http://axel.sjostedt.no/misc/dev/vexim-customizations/ But the referenced IMAP client is Courier instead of Dovecot. Nevertheless, it shouldn't be that hard with Dovecot. FWIW, I intend to fix this issue in a future release of Exim4U so that the passwords are not stored in plain text. Please let me know if you have made any progress here and, if so, would you please share your work? I would prefer not to reinvent the wheel if it isn't necessary. Thanks, Gordon On 06/26/2013 11:31 AM, Odhiambo Washington wrote:
Someone please remind me why we authenticate users using cleartext passwords with exim4u.
Why are we not using the crypt field? Anyone using crypt, please share dovecot-sql.conf, please.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 "I can't hear you -- I'm using the scrambler."
_______________________________________________ users mailing list users(a)exim4u.org https://exim4u.org/mailman/listinfo/users