Re: HELP: wrinting dovecot-sql.conf to authenticate to an existing database

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On Tue, 7 Jul 2015, Filippo Zeus wrote:

I have a database "egroupware" with table "egw_accounts". The field "account_lid" is the full email address and "account_pwd" is the password in Blowfish format.

Here is my dovecot-sql.conf

driver = mysql connect = host=localhost dbname=egroupware user=egroupware password=********* default_pass_scheme = BLF-CRYPT password_query = SELECT account_pwd AS password FROM egw_accounts WHERE account_lid = '%u'

Error: sql(hidden@mydomain.com,::1): Invalid password in passdb: crypt() failed: Invalid argument auth: Debug: client passdb out: FAIL#0111#011user=hidden@mydomain.com dovecot: pop3-login: Debug: Ignoring unknown passdb extra field:

I think I'm having trouble with the password value that is stored in the account_pwd as:

{crypt}$2a$12$XTAolzXgwMC211MuZELQUedPv9tjZNs7Osh97PnZ50pAKuk3WPGmS

Reading at http://wiki2.dovecot.org/Authentication/PasswordSchemes

I suppose that the heading "{crypt}$2a$" instead of a simple "$2a$" (witch identifies a Blowfish password) is my problem.

Hmm, did you tried simple string replacement?

password_query = SELECT replace(account_pwd, '{crypt}', '{BLF-CRYPT}') AS password FROM egw_accounts WHERE account_lid = '%u'

Also, did you've read:

http://wiki2.dovecot.org/Authentication/PasswordSchemes

"BLF-CRYPT: This is the Blowfish crypt (bcrypt) scheme. It is generally considered to be very secure. The encrypted password will start with $2a$ (Note: bcrypt is not available on most Linux distributions)"

Did you've tried:

doveadm pw -s BLF-CRYPT

to verify if your system supports Blowfish at all?

Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQEVAwUBVZy4jHz1H7kL/d9rAQIuGAgApTmCyW2uU16+cDRCHjjqhcUQrPwCSELm Bh9MFs9K5Lsx1JmMYZbwg9kVhnKTiJ1MjUB1oCYTQIN4cJvQv28jpfSseQWGWx7z 4H04Xn5hD6F2U7J69g3IQoaA5XiiJITKrihAfTkFy9QrGQcAc/Mjl2aGMeA6Aghq 0gHiFCmKtFyrp0n8GwDvzGuXdAeY1OeSlM/OSqNkemtaCBJBZ940lOwv7Ldw4xGC rP3fDPnqbh1h5rfDS11XoSvlfXMimTU73s9wkw0Pr0cnSkdE5/95PDJ9SozD/0hu AC2+0LxnV0Jzl2uB9sJ1OuH0/HOezz5U0ba0KuU/qYdg/wFCqD1liQ== =52bK -----END PGP SIGNATURE-----