22 Dec
2005
22 Dec
'05
7:50 p.m.
On Fri, 2005-12-16 at 18:50 -0500, Michael Peters wrote:
- BAD [ALERT] Plaintext authentication is disabled, but your client sent password in plaintext anyway. If anyone was listening, the password was exposed.
You probably would want to just use SSL/TLS. Or you could allow plaintext authentication by setting disable_plaintext_auth=no
*I have tried adding digest-md5 cram-md5 and shadow but Dovecot will not start.* auth default { # Space separated list of wanted authentication mechanisms: # plain digest-md5 cram-md5 apop anonymous gssapi mechanisms = plain
*Dovecot will not start when I tried these options. Maybe I am entering this wrong?*
passdb shadow { /etc/shadow } passdb passwd { /etc/passwd }
CRAM-MD5 and DIGEST-MD5 require passwords to be either in plaintext format or in a special kind of a format. You can't use /etc/shadow with anything else than plaintext authentication.