On 17.11.2016 10:30, Arkadiusz Miśkiewicz wrote:
On Thursday 17 of November 2016, Aki Tuomi wrote:
On 17.11.2016 10:14, Arkadiusz Miśkiewicz wrote:
Hello.
dovecot 2.2.26.0
When testing nopassword extra field (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 dovecot doesn't allow any password (while it should) and returns
" Authentication failed"
while in logs:
Nov 17 08:22:34 auth-worker(1551): Info: sql(pepe,127.0.0.1,<Y8amDXpBptV/AAAB>): Requested CRAM-MD5 scheme, but we have a NULL password
NULL is there because our sql query returns empty password just like wiki says "nopassword: you want to allow all passwords, use an empty password and this field. "
If password is returned in sql query then it fails, too:
Nov 17 09:00:49 auth-worker(2206): Error: sql(pepe,127.0.0.1,<eO5vlnpBtNd/AAAB>): nopassword set but password is non- empty
So looks to be a bug. It's not a bug. CRAM-MD5 does in fact require *some* password to work, Provide fake/random one for nopassword internally.
you can either store it with doveadm pw -S CRAM-MD5 or as plain text password. Then I get
sql(pepe,127.0.0.1,<eO5vlnpBtNd/AAAB>): nopassword set but password is non- empty So that doesn't help
btw. doveadm pw -S is not documented, so no idea what it does
Aki sorry, typo.
Ment doveadm pw -s CRAM-MD5
How do you perceive user login works with CRAM-MD5 if you do not provide *any* password for the user? Some passdb backend must provide a password for the user, if you want to load extra attributes from alternative backend, use noauthenticate instead of nopassword, but make sure the last passdb can authenticate the user.
Aki