crams option (available under
vdomain) is a boolean indicating whether or not to enable the legacy Challenge-Response Authentication Mechanisms (CRAMs) including APOP and CRAM-MD5. For this to work, passwords must be stored in LDAP in plain text format and the
BindDN must have read access to the
userPassword attribute -- or in more modern configurations
ugldapbinddn must have read access to
crams is not set, the has_plain_passwords option will be used instead.
Use of this option in new deployments is strongly discouraged as these authentication mechanisms provide poor security characteristics for the modern Internet.
The default value is: 0