[Dovecot] auth failure with digest-md5

LeVA leva at az.isten.hu
Fri Aug 18 02:44:40 EEST 2006


I'm using:
Dovecot 1.0.beta8
OpenBSD 3.9
KMail 1.9.3

My password file contains only one user now. I've changed its password 
to a dumb one: 'asd' (so this is not a wrong password failure :)

I've configured the PLAIN and DIGEST-MD5 mechanisms in dovecot.conf, and 
I'm only using pop3.
Also I've turned on the verbose auth logging, and I'm attaching the logs 
inline. My password db contains the {DIGEST-MD5} prefixed password.
The problem is very simple but very weird.
I start the dovecot server and try to log in.
It succeeds, I'm happy.
But after one (the first) success, all further logins fails. Yes this a 
sometimes working/sometimes not problem, which is rare in this 

Here is the log of the first success:

00:48:41 Info: auth(default): client in: AUTH 1 DIGEST-MD5 service=POP3 
secured lip= rip= resp=
00:48:41 Info: auth(default): client out: CONT   1 
00:48:41 Info: auth(default): client in: CONT   1       
00:48:41 Info: auth(default): client out: CONT  1 
00:48:41 Info: auth(default): client in: CONT   1
00:48:41 Info: auth(default): client out: OK    1       user=username
00:48:41 Info: auth(default): master in: REQUEST 9 15718   1
00:48:41 Info: auth(default): master out: USER  9 username uid=6000 
gid=6000 home=/var/mail/virtual/username/./
00:48:41 Info: pop3-login: Login: user=<username>, method=DIGEST-MD5, 
rip=, lip=, TLS
00:48:41 Info: POP3(username): Disconnected: Logged out top=0/0, 
retr=0/0, del=0/0, size=0

And after that, every login fails:

00:49:28 Info: auth(default): client in: AUTH 1 DIGEST-MD5 service=POP3 
secured lip= rip= 
00:49:28 Info: pop3-login: Aborted login: method=DIGEST-MD5, 
rip=, lip=, TLS
00:49:28 Info: auth(default): passwd-file /etc/dovecot.passwd: Read 1 

I can notice that the second (the failure) log is shorter than the first 
(the success). Maybe something is missing from there.

The PLAIN auth mechanism is working, even after a failed DIGEST-MD5 
login. In fact the PLAIN login always works :)




More information about the dovecot mailing list