Master user and non-plaintext auth does not work

Patrick Domack patrickdk at patrickdk.com
Mon Sep 1 09:07:07 UTC 2014


Quoting SATOH Fumiyasu <fumiyas at osstech.jp>:

> I want to use CRAM-MD5 or DIGEST-MD5 (non-plaintext) authentication
> for master users, but Dovecot 2.2.13 rejects it with the following log:
>
>   auth_mechanisms = plain login cram-md5 digest-md5
>   disable_plaintext_auth = yes
>   auth_master_user_separator = %
>
>   passdb {
>     driver = passwd-file
>     args = /etc/dovecot/passwd.masterusers
>     master = yes
>     pass = yes
>   }
>
>   # don't work too
>   #passdb {
>   #  driver = checkpassword
>   #  args = /opt/osstech/etc/dovecot/checkpassword.masterusers
>   #  master = yes
>   #  pass = yes
>   #}
>
>   passdb {
>     driver = ldap
>     args = /etc/dovecot/dovecot-ldap.conf.ext
>   }
>
> Is this a bug or a restriction of Dovecot?

This is a restriction of CRAM-MD5 and DIGEST-MD5
They require plaintext passwords, you can't use password hashes on the  
server if you wish to use them. Or you have to use the special  
cram/digest-md5 password hash format.

There is nothing really to be gained from using these formats, it's  
just better to require TLS.




More information about the dovecot mailing list