Quoting SATOH Fumiyasu fumiyas@osstech.jp:
I want to use CRAM-MD5 or DIGEST-MD5 (non-plaintext) authentication for master users, but Dovecot 2.2.13 rejects it with the following log:
auth_mechanisms = plain login cram-md5 digest-md5 disable_plaintext_auth = yes auth_master_user_separator = %
passdb { driver = passwd-file args = /etc/dovecot/passwd.masterusers master = yes pass = yes }
# don't work too #passdb { # driver = checkpassword # args = /opt/osstech/etc/dovecot/checkpassword.masterusers # master = yes # pass = yes #}
passdb { driver = ldap args = /etc/dovecot/dovecot-ldap.conf.ext }
Is this a bug or a restriction of Dovecot?
This is a restriction of CRAM-MD5 and DIGEST-MD5
They require plaintext passwords, you can't use password hashes on the
server if you wish to use them. Or you have to use the special
cram/digest-md5 password hash format.
There is nothing really to be gained from using these formats, it's
just better to require TLS.