Hi,
I'm using dovecot-1.0.0 on gentoo box and I have problem with authentication using digest-md5 and passwords stored as plain text in ldap database, when I use cram-md5 it works, while digest-md5 give this error (squirrelmail login):
May 5 16:03:32 srv dovecot: auth(default): client in: AUTH 1
DIGEST-MD5 service=IMAP secured lip=127.0.0.1 rip=127.0.0.1
May 5 16:03:32 srv dovecot: auth(default): client out: CONT 1
[password hash]
May 5 16:03:32 srv dovecot: auth(default): client in: CONT<hidden>
May 5 16:03:32 srv dovecot: auth(default): ldap(user@domain.com,127.0.0.1):
pass search: base=ou=domain.com,cn=Users,dc=domain,dc=com scope=subtree
filter=(&(objectClass=posixAccount)(uid=user)) fields=userPassword
May 5 16:03:32 srv dovecot: auth(default): ldap(user@domain.com,127.0.0.1):
result: userPassword(password)=<hidden>
May 5 16:03:32 srv dovecot: auth(default): digest-md5
(user@domain.com,127.0.0.1): password mismatch
May 5 16:03:32 srv dovecot: auth(default): client out: FAIL 1
user=user@domain.com
May 5 16:03:32 srv dovecot: imap-login: Aborted login:
user=user@domain.com, method=DIGEST-MD5, rip=127.0.0.1, lip=127.0.0.1,
secured
It seems that client and dovecot hashes calculated for DIGEST-MD5 are different, I tested squirrelmail 1.4.9a, kmail 3.5.6 both can't login using digest-md5 so maybe dovecot does not working correctly? Passwords where created using phpldapadmin and "clear" password type, cram-md5 logins are ok. I can't find any info on ldap and digest-md5 incompatibility in dovecot wiki, can anyone give my a hint?
my dovecot-ldap.conf: uris = ldaps://127.0.0.1 dn = uid=dovecot,cn=Daemons,dc=domain,dc=com dnpass = secret sasl_bind = no tls = no auth_bind = no ldap_version = 3 base = ou=%d,cn=Users,dc=domain,dc=com deref = never scope = subtree pass_attrs = userPassword=password pass_filter = (&(objectClass=posixAccount)(uid=%n)) default_pass_scheme = PLAIN
my dovecot.conf: protocols = imap imaps managesieve shutdown_clients = yes syslog_facility = mail ssl_cert_file = /etc/ssl/cert ssl_key_file = /etc/ssl/key verbose_ssl = no login_process_per_connection = yes login_processes_count = 2 login_max_processes_count = 10 login_user = dovecot login_dir = /var/run/dovecot/login login_chroot = yes mail_location = maildir:/var/mail/%d/%n mail_extra_groups = postfix mail_full_filesystem_access = no mail_debug = no verbose_proctitle = yes first_valid_uid = 2000 last_valid_uid = 2000 first_valid_gid = 2000 last_valid_uid = 2000 maildir_copy_with_hardlinks = yes disable_plaintext_auth = yes
protocol imap { imap_client_workarounds = outlook-idle }
protocol lda { postmaster_address = postmaster@domain.com hostname = domain.com mail_plugins = cmusieve }
auth_default_realm = pcserwis.net auth_username_format = %Lu auth_verbose = yes auth_debug = yes auth_debug_passwords = no
auth default { mechanisms = plain login cram-md5 digest-md5
passdb ldap { args = /etc/dovecot/dovecot-ldap.conf }
userdb static { args = uid=2000 gid=2000 home=/var/mail/%d/%n }
socket listen { client { path = /var/spool/postfix/private/auth mode = 0660 user = vmail group = postfix } master { path = /var/run/dovecot/auth-master mode = 0600 user = vmail } } }
protocol managesieve { listen = *:2000 login_executable = /usr/libexec/dovecot/managesieve-login mail_executable = /usr/libexec/dovecot/managesieve }
-- Łukasz Mierzwa