[Dovecot] Proxy MD5/NTLM requests not working

Timo Sirainen tss at iki.fi
Sat Dec 16 02:14:16 UTC 2006


On Fri, 2006-12-15 at 10:49 -0700, Cassidy B. Larson wrote:
> Having some problems with setting up a proxy with any authentication
> mechanisms other than PLAIN. My passwords are
> stored in my database in plaintext (and MD5), so I figure I could use
> whatever scheme I want. Using the latest RC15. MySQL for the backend. 

Nope. One important idea behind the non-plaintext authentication
mechanisms is that they prevent man-in-the-middle attacks, which a proxy
basically is. So it's pretty much impossible to do what you want (unless
there's some co-operation between proxy-dovecot-auth and
remote-server-auth, and even then I'm not sure if it would work with all
mechanisms).

It would be possible for the user to authenticate with the proxy and
then for the proxy to pass some proxy-master username and password which
authenticate to the remote server (see
http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy). Although I
haven't tried if this works with non-plaintext mechanisms either.

> Error: auth(default): file passdb-cache.c: line 120
> (passdb_cache_lookup_credentials): assertion failed: (*scheme_r !=
> NULL)

Umm. I'll see if I can get this fixed. It shouldn't crash in any case..

> Error: auth-worker(default): file passdb.c: line 120
> (passdb_handle_credentials): assertion failed: (password != NULL)

Crashes are bad, will see about fixing this one too :)
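Added example, not part of the original message or of Dovecot's code: a minimal simulation of why a digest the proxy has verified is useless at the remote server, next to the point above about non-plaintext mechanisms and proxies. It assumes CRAM-MD5 (RFC 2195) as the concrete mechanism, since the thread only says "MD5/NTLM". The host names, the account and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import time


def make_challenge(host: str) -> bytes:
    """RFC 2195 style challenge: <random.timestamp@host>."""
    return f"<{os.urandom(8).hex()}.{int(time.time())}@{host}>".encode()


def client_response(user: str, password: str, challenge: bytes) -> bytes:
    """What a CRAM-MD5 client sends: 'user hexdigest', base64 on the wire."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def server_verify(passdb: dict, challenge: bytes, response_b64: bytes) -> bool:
    """Server side: recompute the HMAC over the challenge it issued itself."""
    user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    password = passdb.get(user)
    if password is None:
        return False
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def proxy_login(passdb: dict, user: str, password: str) -> dict:
    """Client logs in to the proxy; the proxy forwards the same response."""
    proxy_challenge = make_challenge("proxy.example")      # constructed hosts
    backend_challenge = make_challenge("backend.example")
    response = client_response(user, password, proxy_challenge)
    return {
        "proxy_accepts": server_verify(passdb, proxy_challenge, response),
        # Over the wire the proxy received only this digest, never the
        # password, and the digest is bound to the proxy's own challenge.
        "backend_accepts_forwarded": server_verify(
            passdb, backend_challenge, response),
        "password_visible_to_proxy":
            password.encode() in base64.b64decode(response),
    }


if __name__ == "__main__":
    # Constructed sample account, not taken from the thread.
    print(proxy_login({"alice": "s3cret"}, "alice", "s3cret"))
```

With PLAIN the last field would be true, which is why the proxy can log in to the remote server on the user's behalf only with that mechanism.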
