[Dovecot] Secure authentication?

Bazy bazy at darkdawn.net
Mon Nov 12 18:23:38 EET 2007


Uldis Pakuls wrote:
> Bazy wrote:
>> Jürgen Herz wrote:
>>   
>>> On 2007-11-11 01:13, Bjørn T Johansen wrote:
>>>     
>>>> I have enabled SSL support for my dovecot installation but if I enable secure authentication in my MUA, I get an
>>>> error from dovecot telling me that this is not supported..
>>>>
>>>> Is this because dovecot does not support this or am I missing some config?
>>>>       
>>> Might be. But note that with "secure authentication" it might mean
>>> CRAM-MD5, DIGEST-MD5, Kerberos a.s.o. that are no simple plain text or
>>> just Base64 coding mechanisms. SSL on the other hand is a way to make a
>>> secure *connection*.
>>> So make sure some of the above mechanisms are enabled in your dovecot
>>> installation as well.
>>>
>>> Jürgen
>>>
>>> ---AV & Spam Filtering by M+Guardian - Risk Free Email (TM)---
>>>
>>>     
>> So, if we are talking about authentication, I always get the error:
>>
>>
>> Nov 11 14:10:05 goofy postfix/smtpd[8089]: warning:
>> unknown[192.168.0.3]: SASL CRAM-MD5 authentication failed:
>> PDcyNTc4NDY4NjgyMTIxMDEuMTE5NDc4MzAwM0Bnb29meS5jZWx1bG96YS5ybz4=
>>
>> Nov 11 14:10:05 goofy postfix/smtpd[8089]: A1338855EA1:
>> client=unknown[192.168.0.3], sasl_method=PLAIN,
>> sasl_username=bazy at goofy.celuloza.ro
>>
>>
>> Do i need to store the password in mysql with md5? I don't fully
>> understand it... Why do i get that error?
>>
>> Now my "default_pass_scheme = CRYPT", and in mysql I'm using ENCRYPT
>> when i store a password.
>>
>>   
> No, you need store passwords encrypted with CRAM-MD5 to use CRAM-MD5
> if your password is encrypted using CRYPT - only CRYPT is available.
> 
> Generally you need to store unencrypted passwords to allow client chose
> which encryption to use.
> Then hash is generated internally by dovecot form unencrypted password.
> If password is already encrypted only this encryption method is
> available - e.g. you can't generate MD5 hash from Crypt hash.
> 
> 
> Uldis
> 

I know I can't generate md5 from mysql encrypt :) but I understand now,
thank you for explaining it to me.


More information about the dovecot mailing list