[Dovecot] Only method=PLAIN

Бранко Мајић branko at majic.rs
Fri May 18 01:25:00 EEST 2012


Yep, that's the way it works. In effect the LDAP server can use any
schema for storing its passwords, since you can then authenticate onto
the LDAP server itself, using Dovecot as a kind of proxy.

In effect the LDAP server can store different user passwords in different
schemas as well (I'd recommend going with the default SSHA - salted SHA
- at least) - which can be useful when you're making a transition from,
say, some SQL-based backend onto LDAP (been there, done that, although
with Samba).

The authentication mechanism lets you specify in which way you want to
transfer the password over the network (and, of course, nothing beats
using STARTTLS/SSL in terms of encryption security - so you really
should rely on that one when it comes down to securing the
communications channel - note that weak passwords can't be really
protected in this way :) ).

On Thu, 17 May 2012 22:10:43 +0100
Tim Smith <tim at titan21.co.uk> wrote:

> Interesting - just so I have this clear in my own head. The password 
> scheme is the way the password is encrypted but the authentication 
> mechanism is whether the password is sent encrypted as well?
> 
> On 17/05/12 22:00, Timo Sirainen wrote:
> > On 16.5.2012, at 19.36, Manuel Fernández Panzuela wrote:
> >
> >> Hello
> >>
> >> I need to authenticate dovecot against openldap. OpenLdap's
> >> authentication method requires SHA.
> >> How must I set dovecot ?
> > ..
> >>         #mechanisms = plain SHA
> > ..
> >> If I uncomment #mechanisms = plain SHA  Dovecot doesn't start, the
> >> error: dovecot: auth(default): Unknown authentication mechanism
> >> 'SHA'
> > You're confusing the difference between authentication mechanism
> > and password scheme. http://wiki2.dovecot.org/Authentication
> >
> > You want to use SHA1 as password scheme but still PLAIN mechanism.
> 
> 


-- 
Branko Majic
Jabber: branko at majic.rs
Please use only Free formats when sending attachments to me.

Бранко Мајић
Jabber: branko at majic.rs
Please send attachments exclusively in free formats.
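
Added example, not part of the original message and not Dovecot or OpenLDAP code: a sketch of the distinction the thread draws, where the PLAIN mechanism delivers the plaintext password to the server and the password scheme ({SSHA} or {SHA}) decides how the stored value is checked. The function names and the sample directory are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

def make_ssha(password, salt=None):
    """Store side: build an OpenLDAP-style {SSHA} value (SHA-1 over password+salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_scheme(stored, password):
    """Password scheme: how a stored value is checked against a plaintext."""
    scheme, _, b64 = stored.partition("}")
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return False
    if scheme == "{SSHA" and len(raw) > 20:
        digest, salt = raw[:20], raw[20:]   # salt follows the 20-byte digest
    elif scheme == "{SHA" and len(raw) == 20:
        digest, salt = raw, b""             # unsalted SHA-1
    else:
        return False                        # unknown scheme or malformed value
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def decode_sasl_plain(response_b64):
    """Authentication mechanism: PLAIN carries authzid NUL authcid NUL passwd."""
    parts = base64.b64decode(response_b64).split(b"\0")
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError("malformed PLAIN response")
    return parts[1].decode(), parts[2].decode()

def authenticate(response_b64, directory):
    """Server side: the mechanism yields the plaintext, the scheme verifies it."""
    try:
        user, password = decode_sasl_plain(response_b64)
    except ValueError:
        return False
    stored = directory.get(user)
    return stored is not None and verify_scheme(stored, password)

# Constructed sample data: one user stored as {SSHA}, one as plain {SHA}.
DIRECTORY = {
    "alice": make_ssha("correct horse", salt=b"\x01\x02\x03\x04"),
    "bob": "{SHA}" + base64.b64encode(hashlib.sha1(b"hunter2").digest()).decode(),
}
GOOD = base64.b64encode(b"\0alice\0correct horse").decode()
```

The PLAIN response is only base64-encoded, so the password crosses the network in recoverable form regardless of which scheme the directory uses; that is why the message above points to STARTTLS/SSL for protecting the channel.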