John Peacock wrote:
I don't see how this can work. I checked the source code and it seems to assume that you have the plaintext password. I don't have the time to trace through the code path to be sure;
Actually, this bugged me, so I did trace it through. It appears that dovecotpw generates the hash by hashing the password with itself. What happens is that the client sends the password as plaintext, and then dovecot sees that the passdb file includes the {HMAC-MD5} in the password field, hashes the plaintext password with itself, and finally compares it with the stored value.
So, it looks like the way to set this up is:
# get your certificates in place
protocols = imaps
disable_plaintext_auth = no

auth default {
  mechanisms = plain
  passdb passwd-file {
    args = /etc/dovecot/userdb.deny
    deny = yes
  }
  passdb passwd-file {
    args = /etc/dovecot/userdb
  }
  userdb passwd-file {
    args = /etc/dovecot/userdb
  }
  user = root
}
and then add your database to the list of passdb's, with the value {HMAC-MD5}xxxxxxxxxxxxxxxxx as the contents of the password field.
HTH
John
--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5748