[Dovecot] CRAM-MD5 auth broken with postgresql passdb?
Chris Laif
chris.laif at googlemail.com
Tue Oct 24 09:41:36 UTC 2006
I'm currently experiencing a problem which has already been described
by Jonathan in http://www.dovecot.org/list/dovecot/2006-August/015501.html
If I use CRAM-MD5 auth with passwd-file as a backend (Thunderbird
client) everything works fine (MD5-hashes have been shortened for
readability):
dovecot: auth(default): password(bob at foo.bar,10.0.0.123): Credentials:
f12c884ba3cc82..
dovecot: imap-login: Login: user=<bob at foo.bar>, method=CRAM-MD5,
rip=10.0.0.123, lip=10.0.0.234
My passwd file contains a line like this:
bob at foo.bar:{HMAC-MD5}f12c884ba3cc82..
If I change to postgresql-based passdb, PLAIN auth works (!) and
CRAM-MD5 does not work:
dovecot: auth(default): sql(bob at foo.bar,10.0.0.123): query: SELECT
'bob at foo.bar' AS user, '{HMAC-MD5}f12c884ba3cc82..' AS password
dovecot: auth(default): password(bob at foo.bar,10.0.0.123): Credentials:
dovecot: auth(default): cram-md5(bob at foo.bar,10.0.0.123): password mismatch
Please note the ultra-simple SELECT-statement (I've tried other
combinations as well - no success). sql.conf setting is
"default_pass_scheme = HMAC-MD5". Dovecot version 1.0.rc10.
In the postgresql-based example the "Credentials:" variable is empty.
I wonder if this is a bug in dovecot.
Please let me know if you need any further information to resolve this issue.
Thanks,
Chris
(As a side not I still do not understand how CRAM-MD5 auth is able to
work without a plain text password, but that's another story. If it
works with an HMAC-MD5 hash in a passwd-file backend it should work
with the postgresql-db backend as well.)
More information about the dovecot
mailing list