1#@!#!123s

: / usr / share / doc / libc-client /

Filename : md5.txt

back

/* ========================================================================
 * Copyright 1988-2006 University of Washington
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * 
 * ========================================================================
 */

		       MD5 Based Authentication
			     Mark Crispin
			   1 November 1999


     The IMAP toolkit makes available two MD5 based authentication
mechanisms, CRAM-MD5 and APOP.  CRAM-MD5 is described in RFC 2195, and
is a SASL (RFC 2222) authentication mechanism.  APOP is described in
RFC 1939, the standard document for the POP3 protocol.

     These mechanisms use the same general idea.  The server issues a
challenge; the client responds with an MD5 checksum of the challenge
plus the password; the server in compares the client's response with
its own calculated value of the checksum.  If the client's response
matches the server's calulated value, the client is authenticated.

     Unlike plaintext passwords, this form of authentication is
believed to be secure against the session being monitored; "sniffing"
the session will not disclose the password nor will it provide usable
information to authenticate in another session without knowing the
password.

     The key disadvantage with this form of authentication is that the
server must know a plaintext form of the password.  In traditional
UNIX authentication, the server only knows an encrypted form of the
password.  Consequently, the authentication database for this form of
authentication must be kept strictly confidential; a bad guy who
acquires access to this database can access any account in the
database.

     CRAM-MD5 client support is implemented unconditionally; any
client application built with the IMAP toolkit will use CRAM-MD5 with
any server which advertises CRAM-MD5 SASL support.

     CRAM-MD5 and APOP server support is implemented if, and only if,
the CRAM-MD5 authentication database exists.  By default, the CRAM-MD5
authentication database is in a UNIX file called
	/etc/cram-md5.pwd
It is recommended that this file be protected 0400.

	NOTE: FAILURE TO PROTECT THIS FILE AGAINST UNAUTHORIZED
	ACCESS WILL COMPROMSE CRAM-MD5 AND APOP AUTHENTICATION
	FOR ALL USERS LISTED IN THIS DATABASE.

     If the CRAM-MD5 authentication database exists, then plaintext
password authentication (e.g. the LOGIN command) will also use the
CRAM-MD5 passwords instead of UNIX passwords.  Alternatively, it is
possible to build the IMAP toolkit so that plaintext password
authentication is disabled entirely, by using PASSWDTYPE=nul, e.g.
	make aix PASSWDTYPE=nul


     The CRAM-MD5 authentication database file consists of a series of
text lines, consisting of a UNIX user name, a single tab, and the
password.  A line starting with a "#" character is ignored, as are any
lines which are not in valid format.  For example:

------------------------------Sample------------------------------
# CRAM-MD5 authentication database
# Entries are in form <user><tab><password>
# Lines starting with "#" are comments

bill	hubba-hubba
hillary	nysenator
monica	beret
tripp	wired
kenstarr	inquisitor
reno	waco
jessie	thebody
billgates	ruleworld
------------------------------Sample------------------------------

     Every entry in the CRAM-MD5 authentication database must have a
corresponding entry in the /etc/passwd file.  It is STRONGLY
RECOMMENDED that the CRAM-MD5 password NOT be the same as the
/etc/passwd password.  It is permitted for the /etc/passwd password to
be disabled; /etc/passwd is just used to get the UID, GID, and home
directory information.

Name	Size	Last Modified	Owner	Permissions
FAQ.txt	140.422 KB	July 23 2011 12:20:20	root	0644
IPv6.txt	4.703 KB	July 23 2011 12:20:21	root	0644
LICENSE.txt	11.093 KB	July 23 2011 12:20:21	root	0644
NOTICE	0.741 KB	July 23 2011 12:20:21	root	0644
RELNOTES	33.628 KB	July 23 2011 12:20:21	root	0644
SUPPORT	0.81 KB	July 23 2011 12:20:21	root	0644
bugs.txt	11.677 KB	July 23 2011 12:20:21	root	0644
calendar.txt	14.768 KB	July 23 2011 12:20:20	root	0644
commndmt.txt	4.875 KB	July 23 2011 12:20:21	root	0644
drivers.txt	7.555 KB	July 23 2011 12:20:21	root	0644
formats.txt	8.912 KB	July 23 2011 12:20:20	root	0644
imaprc.txt	26.483 KB	July 23 2011 12:20:20	root	0644
internal.txt	112.376 KB	July 23 2011 12:20:21	root	0644
locking.txt	18.888 KB	July 23 2011 12:20:21	root	0644
md5.txt	3.695 KB	July 23 2011 12:20:21	root	0644
mixfmt.txt	14.197 KB	July 23 2011 12:20:20	root	0644
naming.txt	4.905 KB	July 23 2011 12:20:20	root	0644

2017 © D7net \| D704T team