On Thu, 20 Dec 2018 at 15:23, Aki Tuomi <aki.tuomi@open-xchange.com> wrote:

On 20 December 2018 at 14:10 Odhiambo Washington < odhiambo@gmail.com> wrote:

You've made this more difficult to understand, even :-)

So the answer is:

Set the following in 10-auth.conf

1. disable_plaintext_auth = no

2. auth_mechanisms = plain

And yes, the encrypted passwords are stored in MySQL.

You cannot use hashed passwords with digest-md5 mechanism.

Aki

So, for the record, whenever passwords are hashed, digest-md5 should be disabled/removed from auth_mechanisms.

My question though - for purposes of understanding - how does dovecot take the sent password from a client and match it against the hashed one stored in the DB (in my case)? What happens in between the process?

Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)