Hello,
I hope that this mailing list is "alive", since I have been looking for a solution to my problem for a long time.
I would like to migrate my existing dovecot installation from mysql to pgsql. But I have problems with the passwords when using pgsql.
The existing and working mysql-based installation looks like this:
dovecot-sql.conf.ext:

    driver = mysql
    default_pass_scheme = SHA512-CRYPT

Users are created like this:

    INSERT INTO mls_user (idx,domain,password,email)
    VALUES (1,99,ENCRYPT('Test'),'mws@alpenjodel.de');

This setup is working, which I can verify like this:

    $ telnet localhost 143
    * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID
    ENABLE IDLE AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5
    AUTH=CRAM-MD5] Dovecot ready.
    a login mws@alpenjodel.de Test
    OK

Now let's take a look at the pgsql version of the setup:
dovecot-sql.conf.ext:

    driver = pgsql
    default_pass_scheme = SHA512-CRYPT

Users are created like this:

    INSERT INTO mls_user (idx,domain,password,email)
    VALUES (1,99,crypt('Test',gen_salt('des')),'mws@alpenjodel.de');

This setup is not working:

    $ telnet localhost 143
    * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID
    ENABLE IDLE AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5
    AUTH=CRAM-MD5] Dovecot ready.
    a login mws@alpenjodel.de Test
    a NO [AUTHENTICATIONFAILED] Authentication failed.

Assumptions:
I believe that the mysql encrypt function uses the crypt system call, which in turn uses the DES algorithm with a random salt.
I believe that the same is done with the pgsql function call crypt('Test',gen_salt('des')).
But obviously some of these assumptions must be wrong.
Besides that, the variable "default_pass_scheme" is set to "SHA512-CRYPT" in both cases. But obviously, not SHA but DES is used by the working mysql-based setup. I don't understand that. Could someone please explain the relationship between the default_pass_scheme variable and the encryption/hashing algorithm used to store the user passwords?
And finally: What can I do to migrate to pgsql?
Thank you,
Magnus
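
An added example, not part of the original post: a Python check that reports which crypt(3) format a stored password value is in and whether that matches the scheme name Dovecot is given for it (a `{SCHEME}` prefix on the value, otherwise `default_pass_scheme`). The function names and sample values are constructed for illustration; it only compares formats and does not verify passwords.

```python
import re

B64 = r"[./0-9A-Za-z]"
# crypt(3) hash formats by shape, keyed by the matching Dovecot scheme name.
CRYPT_FORMATS = [
    ("SHA512-CRYPT", re.compile(rf"\$6\$(rounds=\d+\$)?{B64}{{1,16}}\${B64}{{86}}")),
    ("SHA256-CRYPT", re.compile(rf"\$5\$(rounds=\d+\$)?{B64}{{1,16}}\${B64}{{43}}")),
    ("BLF-CRYPT", re.compile(rf"\$2[abxy]\$\d\d\${B64}{{53}}")),
    ("MD5-CRYPT", re.compile(rf"\$1\${B64}{{1,8}}\${B64}{{22}}")),
    # Traditional DES crypt: 2-char salt + 11 chars; only the first
    # 8 characters of the password contribute to the hash.
    ("DES-CRYPT", re.compile(rf"{B64}{{13}}")),
]
SCHEME_PREFIX = re.compile(r"\{([A-Za-z0-9-]+)\}(.*)", re.S)


def detect_format(value):
    """Return the crypt format name for a bare hash, or None if unrecognised."""
    for name, pattern in CRYPT_FORMATS:
        if pattern.fullmatch(value):
            return name
    return None


def audit(stored, default_pass_scheme):
    """Return (declared scheme, detected format, names match?) for one value."""
    m = SCHEME_PREFIX.fullmatch(stored)
    declared = m.group(1).upper() if m else default_pass_scheme.upper()
    detected = detect_format(m.group(2) if m else stored)
    return declared, detected, declared == detected


# Constructed sample values (correct shape only, not hashes of a real password).
SAMPLES = {
    "des": "abJnggxhB/yWI",
    "sha512": "$6$" + "s" * 16 + "$" + "A" * 86,
    "prefixed_des": "{DES-CRYPT}abJnggxhB/yWI",
    "padded": "abJnggxhB/yWI   ",  # trailing whitespace fits no format
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, audit(value, "SHA512-CRYPT"))
```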