[Dovecot] Problem with DIGEST-MD5 authentication and plaintext passwords
Matthew Reimer
mreimer at vpop.net
Tue Nov 18 00:56:12 EET 2003
Timo Sirainen wrote:
> On Wed, 2003-11-12 at 03:09, Matthew Reimer wrote:
>
>>I wasn't able to get DIGEST-MD5 authentication working with passwords
>>stored as plaintext until I tweaked password_generate() to make it not
>>use the domain portion of user at domain.com as the realm. Both evolution
>>and kmail send the email address as the username with no realm; when
>>dovecot tries to convert the username to user + realm, the hash is
>>different and so DIGEST-MD5 authentication fails. Having
>>password_generate() hash user at domain.com::password instead of
>>user:domain.com:password fixes it. I need this to work because I need to
>>support all of PLAIN, CRAM-MD5, and DIGEST-MD5 at the same time.
>>
>>Timo, do you think this is a proper fix, or are kmail and evolution broken?
>
>
> Well .. Looks like most clients don't actually use realms, but I rather
> wouldn't completely drop support for them which your change would do.
>
> Correct fix would be to separate realm and "@domain" handling in code,
> that should work with both cases. I'll see if I can get that done.
Thanks Timo. Send me a patch when you're done and I'll test it.
Matt
More information about the dovecot
mailing list