[Dovecot] Problem with DIGEST-MD5 authentication and plainte xt passwords

Maikel Verheijen maikel at ladot.com
Mon Nov 17 08:37:28 EET 2003


For what it's worth:

We use postgres userlookups, and use an older version of dovecot (an 
old cvs version of around 0.99.9.1), and we DO use digest-md5 password 
encryption in the database and realms. It seems to work flawlessly in 
our situation, I used kmail, evolution, apple-mail, entourage, outlook, 
outlook-express and mutt.


Have there been changes in the digest-md5 code since 0.99.9.1 ?


Kind regards,


Maikel Verheijen
Ladot Nederland BV.

On Nov 16, 2003, at 4:56 PM, Timo Sirainen wrote:

> On Wed, 2003-11-12 at 03:09, Matthew Reimer wrote:
>> I wasn't able to get DIGEST-MD5 authentication working with passwords
>> stored as plaintext until I tweaked password_generate() to make it not
>
>> use the domain portion of user at domain.com as the realm. Both evolution
>
>> and kmail send the email address as the username with no realm; when
>> dovecot tries to convert the username to user + realm, the hash is
>> different and so DIGEST-MD5 authentication fails. Having
>> password_generate() hash user at domain.com::password instead of
>> user:domain.com:password fixes it. I need this to work because I need
> to
>> support all of PLAIN, CRAM-MD5, and DIGEST-MD5 at the same time.
>>
>> Timo, do you think this is a proper fix, or are kmail and evolution
> broken?
>
> Well .. Looks like most clients don't actually use realms, but I rather
> wouldn't completely drop support for them which your change would do.
>
> Correct fix would be to separate realm and "@domain" handling in code,
> that should work with both cases. I'll see if I can get that done.
>



More information about the dovecot mailing list