[Dovecot] Password auth scheme question with mysql

Ed W lists at wildgooses.com
Wed Jan 25 00:51:31 EET 2012 

On 24/01/2012 22:06, Ed W wrote:
> Hi, I have a current auth database using mysql with a "password" 
> column in plain text. The config has "default_pass_scheme = PLAIN" 
> specified
>
> In preparation for a more adaptable system I changed a password entry 
> from "asdf" to "{PLAIN}asdf", but now auth fails.  Works fine if I 
> change it back to just "asdf". (I don't believe it's a caching problem)
>
> What might I be missing?  I was under the impression that the password 
> column can include a {scheme} prefix to indicate the password scheme 
> (presumably this also means a password cannot start with a "{"?).  Is 
> this still true when using mysql and default_pass_scheme ?

Hmm, so I try:

# doveadm pw -p asdf -s sha256
{SHA256}8OTC92xYkW7CWPJGhRvqCR0U1CR6L8PhhpRGGxgW4Ts=

I enter this hash into my database column, then enabling debug logging I 
see this in the logs:

Jan 24 22:40:44 mail1 dovecot: auth: Debug: 
cache(demo at mailasail.com,1.2.24.129): SHA256({PLAIN}asdf) != 
'8OTC92xYkW7CWPJGhRvqCR0U1CR6L8PhhpRGGxgW4Ts='
Jan 24 22:40:44 mail1 dovecot: auth-worker: Debug: 
sql(demo at blah.com,1.2.24.129): query: SELECT NULLIF(mail_host, 
'1.2.24.129') as proxy, NULLIF(mail_host, '1.2.24.129') as host, email 
as user, password, password as pass, home userdb_home, concat(home, '/', 
maildir) as userdb_mail, 200 as userdb_uid, 200 as userdb_gid FROM users 
WHERE email = 
if('blah.com'<>'','demo at blah.com','demo at blah.com@mailasail.com') and 
flag_active=1
Jan 24 22:40:44 mail1 dovecot: auth-worker: 
sql(demo at blah.com,1.2.24.129): Password mismatch (given password: 
{PLAIN}asdf)
Jan 24 22:40:44 mail1 dovecot: auth-worker: Error: 
md5_verify(demo at mailasail.com): Not a valid MD5-CRYPT or PLAIN-MD5 password
Jan 24 22:40:44 mail1 dovecot: auth-worker: Error: 
ssha256_verify(demo at mailasail.com): SSHA256 password too short
Jan 24 22:40:44 mail1 dovecot: auth-worker: Error: 
ssha512_verify(demo at mailasail.com): SSHA512 password too short
Jan 24 22:40:44 mail1 dovecot: auth-worker: Warning: Invalid OTP data in 
passdb
Jan 24 22:40:44 mail1 dovecot: auth-worker: Warning: Invalid OTP data in 
passdb
Jan 24 22:40:44 mail1 dovecot: auth-worker: Debug: 
sql(demo at blah.com,1.2.24.129): SHA256({PLAIN}asdf) != 
'8OTC92xYkW7CWPJGhRvqCR0U1CR6L8PhhpRGGxgW4Ts='


Forgot to say. this is with dovecot 2.0.17

Thanks for any pointers

Ed W

More information about the dovecot mailing list