[Dovecot] Proxy MD5/NTLM requests not working

Cassidy B. Larson alandaluz at gmail.com
Fri Dec 15 17:49:17 UTC 2006


Having some problems with setting up a proxy with any authentication
mechanisms other than PLAIN. My passwords are
stored in my database in plaintext (and MD5), so I figure I could use
whatever scheme I want. Using the latest RC15. MySQL for the backend.

This first one is CRAM-MD5. It fails (scheme_r != NULL??) then PLAIN tries
to take over, but the auth server is restarting:

Info: auth(default): client in: AUTH   1       CRAM-MD5
service=POP3    secured lip=204.x.x.x     rip=209.x.x.x      resp=
Info: auth(default): client out: CONT  1
PDA1MTA2OTcxNzY0NjA1MTAuMTE2NjIwMjUxNkBtYXJiZWxsYS5pbmZvd2VzdC5jb20+
Info: auth(default): client in: CONT   1
YnV0Y2hAaW5mb3dlc3QuY29tIDBhNGNjNDJlN2QxOWI4ZjlkYjk0MjE2OTgxOGVmM2Ri
Error: auth(default): file passdb-cache.c: line 120
(passdb_cache_lookup_credentials): assertion failed: (*scheme_r != NULL)
Error: child 63406 (auth) killed with signal 6
Info: pop3-login: Authenticate PLAIN failed: Authentication failed:
Authentication server isn't connected, try again later..: method=PLAIN, rip=
209.x.x.x, lip=204.x.x.x, TLS

After this I tried adding this line to my Proxy dovecot-sql.conf file since
the Destination already had it:

default_pass_scheme = plain

When I try connecting now, I get this:

Info: auth(default): client in: AUTH   1       CRAM-MD5
service=POP3    secured lip=204.x.x.x       rip=209.x.x.x      resp=
Info: auth(default): client out: CONT  1
PDg1NDgyMTgxOTgyNzI0NDIuMTE2NjIwMzg2MkBtYXJiZWxsYS5pbmZvd2VzdC5jb20+
Info: auth(default): client in: CONT   1
YnV0Y2hAaW5mb3dlc3QuY29tIDIzM2FjODE3NmMwNzZkNWE1MmZhNzdhNDJlODVmMjAy
Info: auth-worker(default): sql(user at host.com,209.x.x.x): query: SELECT NULL
AS password, v.storeIP AS host, v.userID AS destuser, 'Y
' AS nologin, 'Y' AS nodelay, 'Y' AS proxy FROM virtmailbox AS v  WHERE
v.userID = 'user at host.com' and v.imap_active = 1
Error: auth-worker(default): file passdb.c: line 120
(passdb_handle_credentials): assertion failed: (password != NULL)
Error: child 69536 (auth-worker) killed with signal 6
Info: auth(default): client out: FAIL  1       user=user at host.com temp

This last error is the same that I get when trying NTLM.  Now, the password
should be NULL, since I dont want to do any authentication
on the Proxy, but simply forward it off to let the destination host handle
it.

Now the host that the proxy sends it off to works fine when I connect to it
directly. I have the same default mechanisms
allowed on both Proxy and destination.

Anybody have any clues? I'd really like to figure out how to proxy "secure
password" requests to my destination server without
having to rely on plaintext. Plaintext works fine with the proxy, but I am
unable to get anything else working.

Am I overlooking something obvious?

Thanks,

Cassidy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://dovecot.org/pipermail/dovecot/attachments/20061215/3b5833cf/attachment-0001.html 


More information about the dovecot mailing list