On 255, 09 12, 2006 at 12:13:05AM +0200, Jonathan Ballet wrote:
Hello,
I want to use PostgreSQL to store my Dovecot users. I setup a very basic configuration, following word for word this page http://wiki.dovecot.org/DovecotPostgresql and it works ... almost.
In fact, it works if I use PLAIN password scheme in my database. However, I would like to store them encrypted. But, if I replace the password field for my user with {HMAC-MD5}-... /^
| Is this '-' just a typo ? It is not needed here.
(the password generated by dovecotpw), it doesn't work.
Here is the log, using PLAIN password scheme (all debug options activated) :
auth(default): client in: AUTH 1 CRAM-MD5 service=IMAP secured lip=127.0.0.1 rip=127.0.0.1 auth(default): client out: CONT 1 PDU3NTgxMTE5MTcwMTYzNjguMTE1ODAxMTQzN0BkZWI2ND4= auth(default): client in: CONT 1 am9uIDJjN2RmMDVmZWZiNWU4MmE0MzFkMjM2YThhYzc2MDAx auth(default): sql(jon,127.0.0.1): query: SELECT userid as user, password FROM users WHERE userid = 'jon' auth(default): password(jon,127.0.0.1): Credentials: 3fd9989457cb3edf1fb8d31dddaf11f3f0efee3423aeb9ebf9bbe981f86a079b auth(default): client out: OK 1 user=jon auth(default): master in: REQUEST 1 23748 1 auth(default): sql(jon,127.0.0.1): SELECT home, uid, gid FROM users WHERE userid = 'jon' auth(default): master out: USER 1 jon home=/var/mail/jon/ uid=5000 gid=5000 IMAP(jon): Effective uid=5000, gid=5000 IMAP(jon): maildir: data=/var/mail/jon IMAP(jon): maildir:root=/var/mail/jon, index=/var/mail/jon, control=, inbox= imap-login: Login: user=<jon>, method=CRAM-MD5, rip=127.0.0.1, lip=127.0.0.1, secured IMAP(jon): Disconnected: Logged out
And here is the log, using HMAC-MD5 password scheme (all debug options activated too) :
auth(default): client in: AUTH 1 CRAM-MD5 service=IMAP secured lip=127.0.0.1 rip=127.0.0.1 auth(default): client out: CONT 1 PDI0MDc4NTQzMDc5NjU2NTIuMTE1ODAxMTkxNUBkZWI2ND4= auth(default): client in: CONT 1 am9uIDViNmE4NDI5ZjUzZTQ3YTEzZmEzNjhiOThlYjI5OTFi auth(default): sql(jon,127.0.0.1): query: SELECT userid as user, password FROM users WHERE userid = 'jon' auth(default): password(jon,127.0.0.1): Credentials: auth(default): cram-md5(jon,127.0.0.1): password mismatch auth(default): client out: FAIL 1 user=jon imap-login: Disconnected: user=<jon>, method=CRAM-MD5, rip=127.0.0.1, lip=127.0.0.1, secured
The login + password used for those tests are 'jon'/'jonpwd'. In the second example, I didn't get any Credentials, whereas in the first case (PLAIN scheme), the Credentials output correspond to the 'dovecotpw' generated password (as in
dovecotpw -s HMAC-MD5 -p jonpwd
). I don't know if it's normal or not.So, I'm not sure what to do next :/ I use this kind of 'auth mechanism'/'password scheme' on another computer, with passwd-like files, and it works. So, I don't know why the same data, coming from another location, doesn't work.
Any help would be greatly appreciated ! Thanks,
-- Jonathan
-- Andrey Panin | Linux and UNIX system administrator pazke@donpac.ru | PGP key: wwwkeys.pgp.net