Master user and non-plaintext auth does not work
Patrick Domack
patrickdk at patrickdk.com
Mon Sep 1 09:07:07 UTC 2014
Quoting SATOH Fumiyasu <fumiyas at osstech.jp>:
> I want to use CRAM-MD5 or DIGEST-MD5 (non-plaintext) authentication
> for master users, but Dovecot 2.2.13 rejects it with the following log:
>
> auth_mechanisms = plain login cram-md5 digest-md5
> disable_plaintext_auth = yes
> auth_master_user_separator = %
>
> passdb {
> driver = passwd-file
> args = /etc/dovecot/passwd.masterusers
> master = yes
> pass = yes
> }
>
> # don't work too
> #passdb {
> # driver = checkpassword
> # args = /opt/osstech/etc/dovecot/checkpassword.masterusers
> # master = yes
> # pass = yes
> #}
>
> passdb {
> driver = ldap
> args = /etc/dovecot/dovecot-ldap.conf.ext
> }
>
> Is this a bug or a restriction of Dovecot?
This is a restriction of CRAM-MD5 and DIGEST-MD5
They require plaintext passwords, you can't use password hashes on the
server if you wish to use them. Or you have to use the special
cram/digest-md5 password hash format.
There is nothing really to be gained from using these formats, it's
just better to require TLS.
More information about the dovecot
mailing list