Crams Option

From Messaging Server Technical Reference Wiki
Jump to: navigation, search

The crams option (available under mmp, imapproxy, popproxy, and vdomain) is a boolean indicating whether or not to enable the legacy Challenge-Response Authentication Mechanisms (CRAMs) including APOP and CRAM-MD5. For this to work, passwords must be stored in LDAP in plain text format and the BindDN must have read access to the userPassword attribute -- or in more modern configurations ugldapbinddn must have read access to ugldapbindcred. If crams is not set, the has_plain_passwords option will be used instead.

Use of this option in new deployments is strongly discouraged as these authentication mechanisms provide poor security characteristics for the modern Internet.

The default value is: 0

See also: