Quick replies from the man who knows! Thanks, Timo!
A request for clarification ...
On 05 Jan 2003 11:32:25 +0200 Timo Sirainen tss@iki.fi wrote:
On Sun, 2003-01-05 at 06:46, Amelia A.Lewis wrote:
I think Outlook supported only NTLM besides the plaintext auth. There's specs for it now so it would be possible to be supported too.
If I could think of a way to break outlook without breaking other windows clients, I'd do it. As a service to the community (reduction of virus infections). But prolly you want to be compatible.
I therefore tried md5 passwords in a passwd-file, with STARTTLS enabled. Didn't work. I turned off SSL, and reenabled plain-text, and watched the login go by. Very sniffable, of course. But correct username and password ... failed. There are instructions for creating digest-md5 style secrets in auth.txt, but none for md5 passwords; I used openssl passwd -1 [password] (and cut and paste). It seems odd to me that this didn't work; does that command use a different algorithm than dovecot?
It uses a different algorithm, although Dovecot could be made to support that too. Dovecot's algorithm is very simple and is compatible with the pwdfile PAM module; it's simply the MD5 sum of a given text, e.g.:
perl -MDigest::MD5 -e 'print Digest::MD5::md5_hex("pass")."\n"'
Digest-MD5 passwords should probably rather be used, so that it could also be used by people who can. The description was a bit broken, it seems; for plaintext authentication it works only if the realm is empty, so this should work:
perl -MDigest::MD5 -e 'print Digest::MD5::md5_hex("user::pass")."\n"'
Okay. In other words, any of the three password styles will work with plaintext auth and no realm?
And digest-md5 with no realm can be used both in plaintext, and in digest-md5 (making sure that dovecot.conf has an empty realms list)?
If the latter is true, I think that that's what I want to do ....
I think some clarifications to auth.txt might be in order; perhaps I'll write some bits and offer the diff? Or the modified file?
Maybe I should consider anyway using Cyrus SASL library, at least optionally. Would make life so much easier :) Everyone keeps wanting LDAP and MySQL and whatever support, but I'd rather concentrate on the IMAP side for now.
I *like* your focus. I like dovecot and its ease of setup very much. If lots of features are added, then complexity is likely to rise ... in that case, perhaps the postfix pattern of config files would be worth emulating? Because basic postfix configuration remains simple; certain sorts of more complex configuration (like virtual alias domains and virtual mailbox domains) live in their own files, referenced from main, but documented separately.
I'm unthrilled with the current state of SASL; it seems to be in flux between version 1.5 and version 2.1, which are not mutually compatible (I'm pretty sure that this is why mutt doesn't do digest-md5 on my system). That will eventually get straightened out, I'm sure. But the current state of auth in dovecot seems to allow most things that SASL might offer, so perhaps it isn't yet worth the hassle of linking.
Amy!
Amelia A. Lewis    amyzing {at} talsever.com    alicorn@mindspring.com
I stopped by the bar at 3 a.m. to seek solace in a bottle, or possibly a friend.
I woke up with a headache like my head against a board, twice as cloudy as I'd been the night before.
I went in seeking clarity.
        -- Indigo Girls
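
Added example, not part of the original message and not Dovecot's code: a Python sketch of the three stored-password shapes discussed in the thread, showing why an `openssl passwd -1` value cannot match while both the plain MD5 sum and an empty-realm Digest-MD5 secret verify a plaintext login. The function names and the sample `$1$` string are assumptions made for illustration.

```python
import hashlib
import hmac
import re

HEX32 = re.compile(r"^[0-9a-f]{32}$")

def plain_md5(password):
    """MD5 hex of the password alone, as in the first perl one-liner."""
    return hashlib.md5(password.encode()).hexdigest()

def digest_md5_secret(user, password, realm=""):
    """MD5 hex of "user:realm:pass"; an empty realm gives "user::pass"."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()

def classify(stored):
    """Tell apart the stored-value shapes mentioned in the thread."""
    if stored.startswith("$1$"):
        return "md5-crypt"   # shape emitted by `openssl passwd -1`: salted, iterated
    if HEX32.match(stored.lower()):
        return "md5-hex"     # plain MD5 and Digest-MD5 secrets look identical
    return "unknown"

def verify_plaintext(stored, user, password):
    """Check a plaintext login against a stored value, assuming an empty realm.

    Returns the scheme that matched, or None. A $1$ entry never matches,
    because neither candidate below is a salted md5-crypt hash.
    """
    if classify(stored) != "md5-hex":
        return None
    candidates = {
        "plain-md5": plain_md5(password),
        "digest-md5": digest_md5_secret(user, password),
    }
    for scheme, value in candidates.items():
        # Constant-time comparison of the two hex strings.
        if hmac.compare_digest(value, stored.lower()):
            return scheme
    return None

# Constructed placeholder in md5-crypt shape; not real openssl output.
SAMPLE_MD5_CRYPT = "$1$constructed$notARealHashJustTheShape0"

if __name__ == "__main__":
    for stored in (plain_md5("pass"), digest_md5_secret("user", "pass"),
                   digest_md5_secret("user", "pass", realm="example.org"),
                   SAMPLE_MD5_CRYPT):
        print(classify(stored), verify_plaintext(stored, "user", "pass"))
```

A secret built with a non-empty realm fails the plaintext check here, which matches the statement above that it works only if the realm is empty.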