The CRAM-MD5 SASL mechanism provides the ability for clients to perform password-based authentication in a manner that does not expose their password in the clear.
Rather than including the password in the bind request, the CRAM-MD5 mechanism uses a two-step process in which the client needs only to prove that it knows the password. The server sends randomly-generated data to the client that is to be used in the process, which makes it resistant to replay attacks. The one-way message digest algorithm ensures that the original clear-text password is not exposed. Note that the algorithm used by the CRAM-MD5 mechanism requires that both the client and the server have access to the clear-text password (or potentially a value that is derived from the clear-text password). In order to authenticate to the server using CRAM-MD5, the password for a user's account must be encoded using a reversible password storage scheme that allows the server to have access to the clear-text value.
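The two-step exchange described above, sketched in Python as an added example (not code from the directory server). It follows the RFC 2195 construction, in which the response is the user name followed by the hex HMAC-MD5 of the server challenge keyed with the password. The account, password, hostname and all class and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

# Constructed account store: the server must hold the clear-text password.
ACCOUNTS = {"jdoe": b"s3cret-example"}


class CramMd5Server:
    def __init__(self, accounts, hostname="ldap.example.com"):
        self.accounts = accounts
        self.hostname = hostname
        self.pending = set()  # challenges issued but not yet answered

    def issue_challenge(self):
        # Step 1: random, single-use challenge in the <id.timestamp@host> style.
        nonce = os.urandom(16).hex()
        challenge = f"<{nonce}.{int(time.time())}@{self.hostname}>".encode()
        self.pending.add(challenge)
        return challenge

    def verify(self, challenge, response):
        # A challenge is accepted once; discarding it is what defeats replay.
        if challenge not in self.pending:
            return False
        self.pending.discard(challenge)
        user, _, digest = response.rpartition(b" ")
        password = self.accounts.get(user.decode("utf-8", "replace"))
        if password is None:
            return False
        # The server recomputes the digest, which requires the clear-text password.
        expected = hmac.new(password, challenge, hashlib.md5).hexdigest().encode()
        return hmac.compare_digest(expected, digest)


def client_response(user, password, challenge):
    # Step 2: the password is only the HMAC key and never goes on the wire.
    digest = hmac.new(password, challenge, hashlib.md5).hexdigest()
    return user.encode() + b" " + digest.encode()


if __name__ == "__main__":
    server = CramMd5Server(ACCOUNTS)
    challenge = server.issue_challenge()
    response = client_response("jdoe", ACCOUNTS["jdoe"], challenge)
    print("first use:", server.verify(challenge, response))
    print("replayed: ", server.verify(challenge, response))
```

A captured response is useless against any later challenge, but the server-side lookup shows why a one-way hashed password entry cannot be used with this mechanism.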
The Cram MD5 SASL Mechanism Handler component inherits from the SASL Mechanism Handler.
A description of each property follows.
|Basic Properties:|Advanced Properties:|
|enabled|java-class|

enabled

|Description|Indicates whether the SASL mechanism handler is enabled for use.|
|Admin Action Required|None|

java-class

|Description|Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation.|
|Allowed Values|A Java class that implements or extends the class(es) :|
|Admin Action Required|The Cram MD5 SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect.|