[Dovecot] Using pgsql with 'cram-md5 auth' and 'hmac-md5 scheme'
John Peacock
jpeacock at rowman.com
Tue Sep 12 18:30:24 EEST 2006
Jonathan Ballet wrote:
> - How can it work with nearly the same configuration, using passwd-like files
> instead of pgsql database?
Actual passwd files use crypt, which includes the seed before the hashed
value.
> Auth mechanism is set to 'cram-md5', and passwords in the passdb file are
> HMAC-MD5 encrypted passwords (or, if I am wrong somewhere, they are generated by
> 'dovecotpw -s HMAC-MD5' and start with {HMAC-MD5})
I don't see how this can work. I checked the source code and it seems
to assume that you have the plaintext password. I don't have the time
to trace through the code path to be sure; I help write the AUTH support
in an SMTP server, so AFAICT you must have both the plaintext password
and the generated challenge in order to use CRAM-MD5.
> Is there any documentation referencing which password scheme could be used with
> an authentication mechanism? I thought it was in [1], but I might be wrong.
>
> So, what are my options, to have encrypted authentication, and encrypted password?
AIUI, you need to use PLAIN (authentication) over SSL (encrypted) in
order to have an encrypted password on the server.
John
--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5748