On 20 December 2018 at 14:10 Odhiambo Washington < odhiambo@gmail.com> wrote:

You've made this more difficult to understand, even :-)

So the answer is:

Set the following in 10-auth.conf

1. disable_plaintext_auth = no

2. auth_mechanisms = plain

And yes, the encrypted passwords are stored in MySQL.

On Thu, 20 Dec 2018 at 13:36, Nikolai Lusan < nikolai@lusan.id.au> wrote:

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA512

Greetings

On Thu, 2018-12-20 at 12:20 +0300, Odhiambo Washington wrote:

I am using SHA512-CRYPT scheme for passwords.

Yeah, there is a reason MD5 has been preferred to crypt for a very long

time now, and the SHA512 isn't really any better.

>

In my dovecot-sql.conf.ext, I have: default_pass_scheme = CRYPT

In 10-auth.conf, I have:

auth_mechanisms = plain login digest-md5

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

M$ Outlook is refusing to authenticate, with error: Requested DIGEST-MD5

scheme, but we have only CRYPT

What an I missing??

>

You are not advertising 3 possible auth methods, I am assuming that plain

will use the SQL extension. Unless you are going to setup a digest-md5

method I would remove it from the advertised methods as most clients will

default to a digest method before selecting plain. Unless you control all

the clients and can configure them to only use the plain method of auth (I

would also be ensuring that you have TLS enforced in some way for this)

then removal of the digest method is probably the best fix.

If the plain and/or login methods are failing check your sql config

includes the passdb and userdb sections.

>

- --

Nikolai Lusan < nikolai@lusan.id.au>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEVfd4GW6z4nsBxdLo4ZaDRV2VL6QFAlwbcFwACgkQ4ZaDRV2V

L6T7IxAAjTQQfVngYU92oNfORwIeL6e9YZtvlLfo7V6d2PSgnzJ2Tdzyo2YA4AGy

eApc9SoJra8IVzanv+s6yl0BJ/EXez/ugdZ5DEUzYTf7b1AVMnUYOKkCi4HeOzzx

zttLF/Hd5ovwDRB1StNa5c1dsrN5lfwZy/cFwK+zOWwEZDBpYq3/y+IjsbWhCcW1

DVbrSshOUaFqZwRE7MFPHiwsyNxhiG8cciglgUKf5HdRaiwx5E1Xy9gASxaqrdqg

GZpGbI7C8sAr92OvTvZlwThSOM6+aSgGIOATRS9S1Lh9x9H14ya1LtOE9XELSQPl

gDI/HJKBym7D8BsnEPSZ+THRwWGQ6QyACZUN8q5OZMEyzS2AGECnSTYMgv4LjqBZ

VbAaPZBAkhsuzVoWsd4xKiN9Qv3wQykDsSq6yahqiDzTXbsCA8HPMEQvw3hISttq

WHdibiBP8cm2/8cz+8PM1+3Q08JMVRqmDLEIQ61gmg8UWhpCPbE3royBkHaj6wOR

GeK4mG3cwYQu0JsoKDsFr7EvABErVRzrvkiMgnz/ivORkJVVtmxyYmG4t5VIT8FD

Hq6A/c1VJ/GYLNHNWRFMRfiXIJB7fM6K0NWK1EN34QoHNbwb5qSL+c6t/BZ5BpzK

c9zkU31FTqtSabUHzNPje6hzHMi5eZLhcH/MCZhD3Xv5+Gwxdug=

=LQQ1

-----END PGP SIGNATURE-----

>

--

Best regards,

Odhiambo WASHINGTON,

Nairobi,KE

+254 7 3200 0004/+254 7 2274 3223

"Oh, the cruft.", grep ^[^#] :-)