[Dovecot] Using pgsql with 'cram-md5 auth' and 'hmac-md5 scheme'
John Peacock
jpeacock at rowman.com
Tue Sep 12 19:02:57 EEST 2006
John Peacock wrote:
> I don't see how this can work. I checked the source code and it seems
> to assume that you have the plaintext password. I don't have the time
> to trace through the code path to be sure;

Actually, this bugged me, so I did trace it through. It appears that
dovecotpw generates the hash by hashing the password with itself. What
happens is that the client sends the password as plaintext, and then
dovecot sees that the passdb file includes the {HMAC-MD5} in the
password field, hashes the plaintext password with itself, and finally
compares it with the stored value.

So, it looks like the way to set this up is:

# get your certificates in place
protocols = imaps
disable_plaintext_auth = no
auth default {
  mechanisms = plain
  passdb passwd-file {
    args = /etc/dovecot/userdb.deny
    deny = yes
  }
  passdb passwd-file {
    args = /etc/dovecot/userdb
  }
  userdb passwd-file {
    args = /etc/dovecot/userdb
  }
  user = root
}

and then add your database to the list of passdb's, with the value
{HMAC-MD5}xxxxxxxxxxxxxxxxx as the contents of the password field.

HTH

John

--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5748