[Dovecot] how authentication works?

Mihamina Rakotomandimby mihamina at gulfsat.mg
Mon May 17 20:38:49 EEST 2010


Manao ahoana, Hello, Bonjour,
I've read:
http://wiki.dovecot.org/Authentication/PasswordSchemes

I have a users database with clear plain passwords.
Dovecot authenticates users without problems against it.

Now, it's time to move to CRYPT scheme.

Before that, I would like to know how things happen.

He have:
- the user, (entering his password in the MUA)
- the user's MUA (Thunderbird, Outlook, Squirrelmail,...)
- the POP or IMAP server
- the users database (mySQL) with username and crypt()'d password

How I think the process is:
- the user enters his password in a clear way.
- the MUA sends the password as the user entered it to the POP or IMAP
  server
- the POP or IMAP server fetches the password from the database
- the POP or IMAP server crypt()'s the user entered password
- the POP or IMAP server compares crypt()'d ones and gives his response

Am I close enough to reality? Too far?

Misaotra, Thanks, Merci.

-- 
       Architecte Informatique chez Blueline/Gulfsat:
    Administration Systeme, Recherche & Developpement
                                     +261 3456 000 19


More information about the dovecot mailing list