[Dovecot] From passwd-file to Postgresql database
Hello,
I have a working installation of Dovecot, which use passwd-file for both users and passwords databases. My setup uses CRAM-MD5 for the authentification mechanism and the password in my passwd-file was stored encoded with HMAC-MD5.
Now, I want to use Postgresql to replace those passwd-files. So I make the necessary change in my dovecot.conf file :
userdb sql { args = /etc/dovecot/dovecot-sql.conf } passdb sql { args = /etc/dovecot/dovecot-sql.conf }
In the dovecot-sql.conf file, I comment out the simplest query, and change the default_pass_scheme to HMAC-MD5 (as in my previous setup). I put my users from the passwd-file into my database, with the same user id, and the same password (starting with {HMAC-MD5}) ...
... but it fails :( The log file says to me :
dovecot: 2006-08-14 15:36:12 Info: auth(default): cram-md5(jon,xxx): password mismatch
I tried several other password schemes (DIGEST-MD5, PLAIN-MD5, PLAIN), but only PLAIN seems to work (of course, I changed the password in the database accordingly).
The documentation isn't very clear about this (or I don't find it ?) :
- in an "old" auth.txt, it is written that only PLAIN is supported, but I don't knwo if I can trust it ?
- I've got an old dovecot-pgsql.conf (2004, maybe from dovecot 0.9x ?), which said that supported scheme are "PLAIN, PLAIN-MD5, DIGEST-MD5, and CRYPT"
So, what I am doing wrong ? And what is correct (or not) in my previous search ?
Regards,
-- Jonathan
On Mon, 2006-08-14 at 13:48 +0000, Jonathan Ballet wrote:
In the dovecot-sql.conf file, I comment out the simplest query, and change the default_pass_scheme to HMAC-MD5 (as in my previous setup). I put my users from the passwd-file into my database, with the same user id, and the same password (starting with {HMAC-MD5}) ...
default_pass_scheme doesn't really matter if your passwords start with {HMAC-MD5} but it doesn't hurt either..
dovecot: 2006-08-14 15:36:12 Info: auth(default): cram-md5(jon,xxx): password mismatch
Set auth_debug_passwords=yes and see what it shows? I guess it's reading the password wrong somehow.
Timo Sirainen a écrit :
On Mon, 2006-08-14 at 13:48 +0000, Jonathan Ballet wrote:
In the dovecot-sql.conf file, I comment out the simplest query, and change the default_pass_scheme to HMAC-MD5 (as in my previous setup). I put my users from the passwd-file into my database, with the same user id, and the same password (starting with {HMAC-MD5}) ...
default_pass_scheme doesn't really matter if your passwords start with {HMAC-MD5} but it doesn't hurt either..
That's what I thought, but I wanted to be sure.
dovecot: 2006-08-14 15:36:12 Info: auth(default): cram-md5(jon,xxx): password mismatch
Set auth_debug_passwords=yes and see what it shows? I guess it's reading the password wrong somehow.
I tried this too. It give me two new lines : auth(default): client out: CONT 1 PDk2NTIzNjgzNjk [...] auth(default): client in: CONT 1 am9uIGYwN2EyYzM [...]
However, I don't know what to do with it :/ Passwords are clearly not the same.
I must be missing something, but I don't know what :(
Thanks, -- Jonathan
On Wed, 2006-08-16 at 15:26 +0200, Jonathan Ballet wrote:
dovecot: 2006-08-14 15:36:12 Info: auth(default): cram-md5(jon,xxx): password mismatch
Set auth_debug_passwords=yes and see what it shows? I guess it's reading the password wrong somehow.
I tried this too. It give me two new lines : auth(default): client out: CONT 1 PDk2NTIzNjgzNjk [...] auth(default): client in: CONT 1 am9uIGYwN2EyYzM [...]
Oh, right. It's a bit useless with other than plaintext authentication. How about if you add the attached patch, does it show in logs that the password is the same as in your SQL database?
Timo Sirainen a écrit :
Oh, right. It's a bit useless with other than plaintext authentication. How about if you add the attached patch, does it show in logs that the password is the same as in your SQL database?
Humpf, I applied the attached patch, but it doesn't show me any password (or an empty password). I'm sure I entered the good passwored in my email client, and I tried with two different clients (Mozilla Thunderbird and Sylpheed-claws)
BTW, I fogot to mention I was using dovecot 1.0-rc2 (from Debian Etch).
-- Jonathan
Maybe you can log_statement for this database in postgresql, that way you'll see statement AND values from postgresql.
Hope it helps, On Wed, 16 Aug 2006, Jonathan Ballet wrote:
Date: Wed, 16 Aug 2006 16:40:53 +0200 From: Jonathan Ballet <multani@free.fr> To: Dovecot Mailing List <dovecot@dovecot.org> Subject: Re: [Dovecot] From passwd-file to Postgresql database
Timo Sirainen a écrit :
Oh, right. It's a bit useless with other than plaintext authentication. How about if you add the attached patch, does it show in logs that the password is the same as in your SQL database?
Humpf, I applied the attached patch, but it doesn't show me any password (or an empty password). I'm sure I entered the good passwored in my email client, and I tried with two different clients (Mozilla Thunderbird and Sylpheed-claws)
BTW, I fogot to mention I was using dovecot 1.0-rc2 (from Debian Etch).
-- Jonathan
-- Olivier PRENANT Tel: +33-5-61-50-97-00 (Work) 15, Chemin des Monges +33-5-61-50-97-01 (Fax) 31190 AUTERIVE +33-6-07-63-80-64 (GSM) FRANCE Email: ohp@pyrenet.fr
Make your life a dream, make your dream a reality. (St Exupery)
ohp@pyrenet.fr a écrit :
Maybe you can log_statement for this database in postgresql, that way you'll see statement AND values from postgresql.
Hope it helps,
I already have log_statement activated (set to 'all'), but it just show me the query, which is correct (I get correct result if I execute it in psql) :/
Thanks for your answer,
-- Jonathan
participants (3)
-
Jonathan Ballet
-
ohp@pyrenet.fr
-
Timo Sirainen