On Friday 24 February 2006 13:41, Timo Sirainen wrote:
> On Fri, 2006-02-24 at 13:19 +0000, Casey Allen Shobe wrote:
>> auth(default): digest-md5(kc@xxxx.com,71.113.119.162): password mismatch
> Set auth_debug_passwords=yes and see what it prints.
FWIW, I tried that first without the patch you sent before. Then I saw the realm problem:
auth(default): client in: AUTH_1_DIGEST-MD5_service=IMAP_lip=205.234.78.135_rip=71.113.119.162
auth(default): client out: CONT_1_bm9uY2U9IjRjcUQvRjZhUzJ6UVY3ZGpvSElSMVE9PSIscW9wPSJhdXRoIixjaGFyc2V0PSJ1dGYtOCIsYWxnb3JpdGhtPSJtZDUtc2VzcyI=
auth(default): client in: CONT_1_dXNlcm5hbWU9ImtjQHNrOHJsYW5kLmNvbSIscmVhbG09ImltYXAuc2s4cmxhbmQuY29tIixub25jZT0iNGNxRC9GNmFTMnpRVjdkam9ISVIxUT09Iixjbm9uY2U9Inh0bFFKa2oycHYvYVQvd3JFT2hUMnpDN3Y5empHWXlHZ0JvQ0lYMCs1aGs9IixuYz0wMDAwMDAwMSxxb3A9YXV0aCxkaWdlc3QtdXJpPSJpbWFwL2ltYXAuc2s4cmxhbmQuY29tIixyZXNwb25zZT01ZDNmNmFhOThiN2EyMmU5NDQ4ZmU3NTdiMTk4NzkwZA==
auth(default): digest-md5(?,71.113.119.162): Invalid realm
auth(default): client out: FAIL_1
imap-login: Disconnected: method=DIGEST-MD5, rip=71.113.119.162, lip=205.234.78.135
So I tried with the patched version, and see this:
auth(default): client in: AUTH_1_DIGEST-MD5_service=IMAP_lip=205.234.78.135_rip=71.113.119.162
auth(default): client out: CONT_1_cmVhbG09IiIsbm9uY2U9IkRWQm5MWXhsemxhLzBoSjF0RXdFc1E9PSIscW9wPSJhdXRoIixjaGFyc2V0PSJ1dGYtOCIsYWxnb3JpdGhtPSJtZDUtc2VzcyI=
auth(default): client in: CONT_1_dXNlcm5hbWU9ImtjQHNrOHJsYW5kLmNvbSIscmVhbG09IiIsbm9uY2U9IkRWQm5MWXhsemxhLzBoSjF0RXdFc1E9PSIsY25vbmNlPSJNNzFxaGgxbGRWNkFLb1UzM0d5Sk5XY1J2VnI5ak5jaFU1akQ4TUZkWHJRPSIsbmM9MDAwMDAwMDEscW9wPWF1dGgsZGlnZXN0LXVyaT0iaW1hcC9pbWFwLnNrOHJsYW5kLmNvbSIscmVzcG9uc2U9NTQ0OTE0OTNjOTIxOWY3ODQ1NDRhYTIwZTIxNjUyZjc=
auth(default): sql(kc@sk8rland.com,71.113.119.162): query: select "user", "password" from "users" where "user" = 'kc@sk8rland.com'
auth(default): digest-md5(kc@sk8rland.com,71.113.119.162): password mismatch
auth(default): client out: FAIL_1_user=kc@sk8rland.com
imap-login: Disconnected: user=kc@sk8rland.com, method=DIGEST-MD5, rip=71.113.119.162, lip=205.234.78.135
> You could also try manually to get the crypted password and see why it goes wrong:
> dovecotpw -u kc@xxxx.com -s digest-md5
# dovecotpw -u kc@sk8rland.com -s digest-md5
Enter new password: <type my password here>
Retype new password: <type my password here>
{DIGEST-MD5}bc077aef5e9d4a3527e9d21a7d527802
> If that doesn't print the same value as what you see in logs, try with -u kc.
Erm, I'm not sure what to look for in the logs, so what the hey:
# dovecotpw -u kc -s digest-md5
Enter new password:
Retype new password:
{DIGEST-MD5}8ac1882cb154c9c59bfa38111abf8316
> This is because with Digest-MD5 the password hash is built from both username and password, and they both must match exactly. Hmm. Now that I think of it, this breaks aliases. I guess I'll fix this also. Patch included in attachment, does this help either?
With new patch, got this:
auth(default): client in: AUTH_1_DIGEST-MD5_service=IMAP_lip=205.234.78.135_rip=71.113.119.162
auth(default): client out: CONT_1_cmVhbG09IiIsbm9uY2U9IkdmSytqOHJPbVU1aUJJYWo5ZEMwMXc9PSIscW9wPSJhdXRoIixjaGFyc2V0PSJ1dGYtOCIsYWxnb3JpdGhtPSJtZDUtc2VzcyI=
auth(default): client in: CONT_1_dXNlcm5hbWU9ImtjQHNrOHJsYW5kLmNvbSIscmVhbG09IiIsbm9uY2U9IkdmSytqOHJPbVU1aUJJYWo5ZEMwMXc9PSIsY25vbmNlPSJHNVpvY1J6eVRPYnprSXpHM0pSNEh1c2hXV2hvN29qUUduNDV2K0MzZnZjPSIsbmM9MDAwMDAwMDEscW9wPWF1dGgsZGlnZXN0LXVyaT0iaW1hcC9pbWFwLnNrOHJsYW5kLmNvbSIscmVzcG9uc2U9MzJmYzhmYjdiNWZmODk1ODkwZDIxNDUyZjZmYWM3MjI=
auth(default): sql(kc@sk8rland.com,71.113.119.162): query: select "user", "password" from "users" where "user" = 'kc@sk8rland.com'
auth(default): digest-md5(kc@sk8rland.com,71.113.119.162): password mismatch
auth(default): client out: FAIL_1_user=kc@sk8rland.com
imap-login: Disconnected: user=kc@sk8rland.com, method=DIGEST-MD5, rip=71.113.119.162, lip=205.234.78.135
> So it's not even trying to log in with GSSAPI. You did add it to mechanisms list, right? And it gets advertised in Dovecot's capability reply?
Connected to a.mx.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=GSSAPI] SeattleServer.com IMAP ready.
2 capability
* CAPABILITY IMAP4rev1 SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=NTLM AUTH=GSSAPI
2 OK Capability completed.
root@patos.seattleserver.com:/home/root/dovecot-1.0.beta3 # grep 'mechanisms =' /etc/dovecot.conf
mechanisms = plain login digest-md5 cram-md5 ntlm gssapi
-- 
Casey Allen Shobe | cshobe@seattleserver.com | 206-381-2800
SeattleServer.com, Inc. | http://www.seattleserver.com
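The "password mismatch" discussed in this thread can be reproduced offline. The following is an added example, not part of the original message and not Dovecot's code: it decodes a base64 CONT payload like the ones in the debug log and checks which stored hash reproduces the client's response. It assumes the stored value is the hex of H(username:realm:password) as RFC 2831 defines it; the function names and the sample exchange (the RFC 2831 section 4 example, password "secret") are not from the thread.

```python
import base64
import hashlib
import re

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def stored_hash(username: str, realm: str, password: str) -> str:
    """Hex of H(username:realm:password) (assumed storage format, per RFC 2831)."""
    return md5(f"{username}:{realm}:{password}".encode("utf-8")).hex()

def parse_cont(b64_payload: str) -> dict:
    """Decode the base64 that follows CONT_<id>_ and split it into directives.
    Backslash-escaped quotes inside quoted values are not handled."""
    text = base64.b64decode(b64_payload).decode("utf-8")
    pairs = re.findall(r'([A-Za-z-]+)=(?:"([^"]*)"|([^,]*))', text)
    return {key: quoted or bare for key, quoted, bare in pairs}

def expected_response(stored_hex: str, f: dict) -> str:
    """Response derived from a stored hash (qop=auth, md5-sess, no authzid)."""
    a1 = bytes.fromhex(stored_hex) + f":{f['nonce']}:{f['cnonce']}".encode()
    a2 = f"AUTHENTICATE:{f['digest-uri']}".encode()
    kd = (f"{md5(a1).hex()}:{f['nonce']}:{f['nc']}:{f['cnonce']}:"
          f"{f['qop']}:{md5(a2).hex()}")
    return md5(kd.encode()).hex()

def diagnose(b64_payload: str, candidates: dict) -> dict:
    """For each candidate stored hash: does it reproduce the client's response?"""
    f = parse_cont(b64_payload)
    return {label: expected_response(h, f) == f["response"]
            for label, h in candidates.items()}

# Sample input: the example exchange from RFC 2831 section 4 (password "secret"),
# base64-encoded here the way a client message appears in the auth debug log.
RFC_MSG = ('charset=utf-8,username="chris",realm="elwood.innosoft.com",'
           'nonce="OA6MG9tEQGm2hh",nc=00000001,cnonce="OA6MHXh6VqTrRk",'
           'digest-uri="imap/elwood.innosoft.com",'
           'response=d388dad90d4bbd760a152321f2143af7,qop=auth')
PAYLOAD = base64.b64encode(RFC_MSG.encode()).decode()

# Three ways the same account and password could have been hashed into the database.
CANDIDATES = {
    "username and realm as the client sent them":
        stored_hash("chris", "elwood.innosoft.com", "secret"),
    "same user, empty realm": stored_hash("chris", "", "secret"),
    "user@realm as username, empty realm":
        stored_hash("chris@elwood.innosoft.com", "", "secret"),
}

if __name__ == "__main__":
    for label, ok in diagnose(PAYLOAD, CANDIDATES).items():
        print("match   " if ok else "mismatch", label)
```

Only the hash built from exactly the username and realm the client sent verifies; the other two fail even though the password is the same.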