[Dovecot] Postfix/mysql/dovecot - Understanding password encryption

Reindl Harald h.reindl at thelounge.net
Mon Dec 24 23:54:39 EET 2012



On 24.12.2012 22:44, Robert Moskowitz wrote:
> 
> On 12/24/2012 04:26 PM, Robert Moskowitz wrote:
>> I am switching from a fedora/postfix/mysql/couriermail/squirrelmail to Centos/.../dovecot/roundcubemail and
>> adding postfixadmin to the mix.
>>
>> My tutorial before was an earlier version (on F14) of:
>>
>> http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-centos-6.2-x86_64
>>
>> Now I am using
>>
>> http://www.campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServer
>>
>> to get me started.  I am up to roundcubemail setup and am stumbling to understand what the author here is doing
>> with encrypted passwords, so felt it was time to delve deeper into this.
>>
>> My old setup uses mysql-crypt for the password.
>>
>> MYSQL_CRYPT_PWFIELD password
>>
>> and users could be added to the table with:
>>
>> INSERT INTO `users` (`email`, `password`, `quota`) VALUES ('sales@example.com', ENCRYPT('secret'), 10485760);
>>
>> But where this was all simple and no choices, I get to figure out what to do with my dovecot setup.
>>
>> Some of the 'secret' is hinted at in postfixadmin's config.inc.php:
>>
>> // Encrypt
>> // In what way do you want the passwords to be crypted?
>> // md5crypt = internal postfix admin md5
>> // md5 = md5 sum of the password
>> // system = whatever you have set as your PHP system default
>> // cleartext = clear text passwords (ouch!)
>> // mysql_encrypt = useful for PAM integration
>> // authlib = support for courier-authlib style passwords
>> // dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5
>> $CONF['encrypt'] = 'md5crypt';
>>
>> Where is there information on the different choices and how to choose.
>>
>> Is it as 'simple' as setting up postfixadmin to control the password encryption format then 'inform' dovecot in
>> the dovecot-mysql.conf with
>>
>> default_pass_scheme = MD5-CRYPT
>>
> 
> Oh, the dovecot.conf has the line:
> 
> auth_mechanisms = plain login
> Which adds to my confusion.

maybe you should read some basic documentation
see the large number of your posts on dovecot/postfix list
and that i was able to setup my first mailserver years ago
with only reading the docs and subscribe for mailing-lists
a year later it feels like you try to replace reading
manuals with posting basic questions

auth-mech = client/server

start with
 * http://wiki.dovecot.org/
 * http://wiki.dovecot.org/Authentication/Mechanisms
 * http://www.postfix.org/documentation.html

>> // cleartext = clear text passwords (ouch!)

if you want / need to provide different auth-mechs you may have
no other option because the server will not be able to generate
the data for CRAM-MD5/MD5-DIGEST from a hashed column

this is also explained here
http://wiki.dovecot.org/Authentication/Mechanisms
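
Added example, not part of the original post: a Python sketch of why a CRAM-MD5 response (RFC 2195) can be checked against a cleartext column but not against a one-way hashed one, while PLAIN works with either. The salted SHA-256 helper is an assumed stand-in for a crypt-style scheme such as MD5-CRYPT, and all function names and the salt are constructed for illustration.

```python
import hashlib
import hmac


def cram_md5_response(secret: bytes, challenge: bytes) -> str:
    """RFC 2195 digest: hex HMAC-MD5 keyed with the shared secret over the challenge."""
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()


def salted_hash(password: bytes, salt: bytes) -> bytes:
    """One-way stored form (assumption: salted SHA-256 standing in for MD5-CRYPT)."""
    return salt + hashlib.sha256(salt + password).digest()


def verify_plain(stored_hash: bytes, submitted_password: bytes) -> bool:
    """PLAIN/LOGIN: the client sends the password, so the server can re-hash and compare."""
    salt = stored_hash[:16]
    return hmac.compare_digest(salted_hash(submitted_password, salt), stored_hash)


def verify_cram_md5(stored: bytes, challenge: bytes, client_digest: str) -> bool:
    """CRAM-MD5: the server must recompute the HMAC from what the password column holds."""
    return hmac.compare_digest(cram_md5_response(stored, challenge), client_digest)


def demo() -> dict:
    # Password and challenge are the sample values from RFC 2195; the salt is constructed.
    password = b"tanstaaftanstaaf"
    challenge = b"<1896.697170952@postoffice.reston.mci.net>"
    hashed_column = salted_hash(password, b"constructed-salt")

    # The client only ever sends this digest, never the password itself.
    client_digest = cram_md5_response(password, challenge)

    return {
        "plain_hashed_column": verify_plain(hashed_column, password),
        "cram_cleartext_column": verify_cram_md5(password, challenge, client_digest),
        # The hash cannot be turned back into the HMAC key, so this check fails.
        "cram_hashed_column": verify_cram_md5(hashed_column, challenge, client_digest),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```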
