CommuniGate passwords are strings stored in the Account Settings. Password strings can be stored in the clear-text format or in encoded format. The Password Encryption Account Setting specifies the encryption to use when the account password is updated. When this setting is changed, the currently stored password is not re-encrypted.
When the U-crpt Password Encryption option is selected, the CommuniGate passwords are stored using the standard Unix crypt routine. If the UB-crpt Password Encryption option is selected, an enhanced Blowfish-based encryption is used. U-crpt and UB-crpt methods implement a one-way encryption. As a result, the Server cannot decrypt them into their original (clear text) form, and it cannot use them for secure (SASL Authentication Methods. Use these encryption methods only if you need compatibility with legacy password strings, but cannot use the OS passwords - it is usually more important to support "on-the-wire" security (using SASL methods), rather then "on-the-disk" security (using one-way password encryption methods).
U-crpt passwords can contain special prefixes. These prefixes allow you to import passwords encrypted using other password encryption methods. See the Migration section for more details.
Note: please remember that the plain Unix crypt routine uses only the first 8 symbols of the password string.
If the CommuniGate Password is absent or empty, it cannot be used to log into the Account even if the Use CommuniGate Password option is enabled. But if the user has logged in using the OS Password or the External Authentication method, the user can specify (update) the Account CommuniGate Password. This feature can be used to migrate users from legacy mail systems where you can not compose the list of accounts with their non-encrypted (plain text) user passwords.