Next: , Previous: , Up: Mechanisms   [Contents][Index]

5.5 The CRAM-MD5 mechanism

CRAM-MD5 is a widely used challenge-response mechanism that transfers hashed passwords instead of clear text passwords. It is official deprecated, initially in favor of first DIGEST-MD5 but today SCRAM-SHA-1. For insecure channels (e.g., when TLS is not used), it is has better properties than PLAIN since the unhashed password is not leaked. The CRAM-MD5 mechanism does not support authorization identities; that make the relationship between CRAM-MD5 and DIGEST-MD5/SCRAM-SHA-1 similar to the relationship between LOGIN and PLAIN.

The disadvantage with hashed passwords is that the server cannot use normal authentication infrastructures such as PAM, because the server must have access to the unhashed password in order to validate every authentication attempt.

In the client, this mechanism is always enabled, and it requires the GSASL_AUTHID and GSASL_PASSWORD properties.

In the server, the mechanism will require the GSASL_PASSWORD callback property, which may use the GSASL_AUTHID property to determine which users’ password should be used. The GSASL_AUTHID will be in normalized form. The server will then normalize the password, and compare the client response with the computed correct response, and accept the user accordingly.

See Use of SASLprep in CRAM-MD5, for a clarification on the interpretation of the CRAM-MD5 specification that this implementation rely on.

The CRAM-MD5 mechanism was initially specified in RFC 2095 but quickly revised in RFC 2195. Note that both were published before the core SASL framework, which explains its lack of authorization identity.