[Dovecot] Secure authentication?

Uldis Pakuls neko at it4u.lv
Mon Nov 12 15:05:25 EET 2007


Bazy wrote:
> Jürgen Herz wrote:
>   
>> On 2007-11-11 01:13, Bjørn T Johansen wrote:
>>     
>>> I have enabled SSL support for my dovecot installation but if I enable secure authentication in my MUA, I get an
>>> error from dovecot telling me that this is not supported..
>>>
>>> Is this because dovecot does not support this or am I missing some config?
>>>       
>> Might be. But note that with "secure authentication" it might mean
>> CRAM-MD5, DIGEST-MD5, Kerberos a.s.o. that are no simple plain text or
>> just Base64 coding mechanisms. SSL on the other hand is a way to make a
>> secure *connection*.
>> So make sure some of the above mechanisms are enabled in your dovecot
>> installation as well.
>>
>> Jürgen
>>
>> ---AV & Spam Filtering by M+Guardian - Risk Free Email (TM)---
>>
>>     
>
> So, if we are talking about authentication, I always get the error:
>
>
> Nov 11 14:10:05 goofy postfix/smtpd[8089]: warning:
> unknown[192.168.0.3]: SASL CRAM-MD5 authentication failed:
> PDcyNTc4NDY4NjgyMTIxMDEuMTE5NDc4MzAwM0Bnb29meS5jZWx1bG96YS5ybz4=
>
> Nov 11 14:10:05 goofy postfix/smtpd[8089]: A1338855EA1:
> client=unknown[192.168.0.3], sasl_method=PLAIN,
> sasl_username=bazy at goofy.celuloza.ro
>
>
> Do i need to store the password in mysql with md5? I don't fully
> understand it... Why do i get that error?
>
> Now my "default_pass_scheme = CRYPT", and in mysql I'm using ENCRYPT
> when i store a password.
>
>   
No, you need store passwords encrypted with CRAM-MD5 to use CRAM-MD5
if your password is encrypted using CRYPT - only CRYPT is available.

Generally you need to store unencrypted passwords to allow client chose
which encryption to use.
Then hash is generated internally by dovecot form unencrypted password.
If password is already encrypted only this encryption method is
available - e.g. you can't generate MD5 hash from Crypt hash.


Uldis



More information about the dovecot mailing list