moving from mysql to pgsql

Magnus mws at alpenjodel.de
Wed Oct 4 19:06:14 EEST 2017 

Hello,

I hope that this mailing list is "alive", since I am looking for a 
solution for my problem for a long time.

I would like to migrate my existing dovecot installation from mysql to 
pgsql. But I have problems with the passwords when using pgsql.

The existing and working mysql-based installation looks like this:

	dovecot-sql.conf.ext:

	driver = mysql
	default_pass_scheme = SHA512-CRYPT

Users are created like this:

	INSERT INTO mls_user (idx,domain,password,email)
	VALUES (1,99,ENCRYPT('Test'),'mws at alpenjodel.de');

This setup is working, which I can verify like this:

	$ telnet localhost 143
	* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID
	ENABLE IDLE AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5
	AUTH=CRAM-MD5] Dovecot ready.

	a login mws at alpenjodel.de Test
	OK

Now let's take a look at the pgsql version of the setup:

	dovecot-sql.conf.ext:

	driver = pgsql
	default_pass_scheme = SHA512-CRYPT

Users are created like this:

	INSERT INTO mls_user (idx,domain,password,email)
	VALUES (1,99,crypt('Test',gen_salt('des')),'mws at alpenjodel.de');

This setup is not working:

	$ telnet localhost 143
	* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID
	ENABLE IDLE AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5
	AUTH=CRAM-MD5] Dovecot ready.

	a login mws at alpenjodel.de Test
	a NO [AUTHENTICATIONFAILED] Authentication failed.

Assumptions:

- I believe that the mysql encrypt function uses the crypt system call,
   which in turn uses the DES algorithm with a random salt.

- I believe that the same is done with the pgsql function call
   crypt('Test',gen_salt('des')).

But obviously some of these assumptions must be wrong.

Besides that, the variable "default_pass_scheme" is set to 
"SHA512-CRYPT" in both cases. But obviously, not SHA but DES is used by 
the working mysql-based setup. I don't understand that. Could someone 
please explain the relationship between the default_pass_scheme variable 
and the encryption/hashing algorithm used to store the user passwords?

And finally: What can I do to migrate to pgsql?

Thank you
Magnus

More information about the dovecot mailing list