Matthias P. Wuerfl wrote:

> Cram_md5 needs the clear password (right?). If i set up cram_md5 the
> server will announce this ability to the clients (right?), these will
> choose it (right?) and they can not log in (right?).

3x right.

> How can i solve the problem:
> - move to cram_md5 slowly?
> - activate/offer cram_md5 while not every password is here in clear

There is no technical solution to this (besides of running john the
ripper over your password database). You can only wait until all (or
most of) your users authenticated and you had a chance to store the
plaintext password or give out new passwords.