[Dovecot] CRAM-MD5 authentication but plain-md5 password storage.
Hi all,
Got a question on configuring dovecot, I'm still new at this so I might be doing this all wrong.
I want dovecot to authenticate the mail client using CRAM-MD5 so I've set up the config in dovecot.conf:

    auth default {
      mechanisms = cram-md5
      passdb sql {
        # Path for SQL configuration file, see doc/dovecot-sql-example.conf
        args = /etc/dovecot/dovecot-sql.conf
      }
      <snipped>
    }

In my dovecot-sql.conf I've set up the password scheme to be:

    default_pass_scheme = MD5

Somehow this does not work, the error I see in the logfile is:

    auth-worker(default): password(info@richard5.tld,127.0.0.1): Requested CRAM-MD5 scheme, but we have only MD5

Is there a way to get this working or does this feature only work with passwords stored in plain text?
Thanks!
Richard
On 06/22/2009 08:26 PM Richard wrote:
> Hi all,
> Got a question on configuring dovecot, I'm still new at this so I might be doing this all wrong.
> I want dovecot to authenticate the mail client using CRAM-MD5 so I've set up the config in dovecot.conf:
>
>     auth default {
>       mechanisms = cram-md5
>       passdb sql {
>         # Path for SQL configuration file, see doc/dovecot-sql-example.conf
>         args = /etc/dovecot/dovecot-sql.conf
>       }
>       <snipped>
>     }
>
> In my dovecot-sql.conf I've set up the password scheme to be:
>
>     default_pass_scheme = MD5
>
> Somehow this does not work, the error I see in the logfile is:
>
>     auth-worker(default): password(info@richard5.tld,127.0.0.1): Requested CRAM-MD5 scheme, but we have only MD5
>
> Is there a way to get this working or does this feature only work with passwords stored in plain text?

Either use plain text, but this is NOT recommended, or dovecotpw:

    /path/to/dovecotpw -p plaintexpassword
    {CRAM-MD5}aba976aa6a7f048a82db01301075725bf42c6ad98f01a2747a853e0f479e25f8

Or w/o -p password, for the interactive mode.
Regards, Pascal
The trapper recommends today: c01dcofe.0917320@localdomain.org
On Mon, Jun 22, 2009 at 8:38 PM, Pascal Volk <user+dovecot@localhost.localdomain.org> wrote:
> Either use plain text, but this is NOT recommended, or dovecotpw:
>
>     /path/to/dovecotpw -p plaintexpassword
>     {CRAM-MD5}aba976aa6a7f048a82db01301075725bf42c6ad98f01a2747a853e0f479e25f8
>
> Or w/o -p password, for the interactive mode.
> Regards, Pascal

Pascal, thanks for the quick reply. I'm using postfixadmin for user administration so I guess plaintext passwords is the current solution.
Excuse my newbie question but I want to try and understand this. What is the reason to have to use plaintext passwords for this kind of authentication?
Regards,
Richard
On 06/22/2009 08:49 PM Richard wrote:
> Pascal, thanks for the quick reply. I'm using postfixadmin for user administration so I guess plaintext passwords is the current solution.
> Excuse my newbie question but I want to try and understand this. What is the reason to have to use plaintext passwords for this kind of authentication?

When storing passwords in plain text, Dovecot could generate the hashes 'on the fly' (when a user logs in and wants to use, for example, CRAM-MD5 instead of PLAIN or LOGIN). But a user can also use the PLAIN or LOGIN mechanism even when the password is stored as a CRAM-MD5 hash.
BUT: A user cannot log in using DIGEST-MD5 if the password is stored as a CRAM-MD5 hash. In this case the password should be stored as a DIGEST-MD5 hash (or as plain text (not recommended!)).
Further information is available at: http://wiki.dovecot.org/Authentication/Mechanisms
Regards; Pascal
The trapper recommends today: c01dcofe.0917320@localdomain.org
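
Added example, not part of the original thread and not Dovecot's code: a Python sketch of the CRAM-MD5 check (RFC 2195) showing why a stored MD5(password) gives the "Requested CRAM-MD5 scheme, but we have only MD5" situation, while plaintext or a precomputed HMAC key-pad state both work. All function names and sample values are hypothetical, and the pad-state form illustrates the idea only; it is not Dovecot's stored {CRAM-MD5} format.

```python
import hashlib
import hmac

BLOCK = 64  # MD5 block size in bytes

def cram_md5_response(user, password, challenge):
    """Client side (RFC 2195): '<user> <hex HMAC-MD5(key=password, msg=challenge)>'."""
    return f"{user} {hmac.new(password, challenge, hashlib.md5).hexdigest()}"

def _matches(expected_hex, response):
    # Compare as bytes so a non-ASCII digest from a client cannot raise TypeError.
    return hmac.compare_digest(expected_hex.encode(), response.rpartition(" ")[2].encode())

def verify_with_plaintext(stored_password, challenge, response):
    """Server holds the password itself and recomputes the same HMAC."""
    return _matches(hmac.new(stored_password, challenge, hashlib.md5).hexdigest(), response)

def verify_with_md5_hash(stored_md5_hex, challenge, response):
    """Server holds only MD5(password). The best it can do is key the HMAC with
    that digest, which is a different key, so the client's response never matches."""
    key = bytes.fromhex(stored_md5_hex)
    return _matches(hmac.new(key, challenge, hashlib.md5).hexdigest(), response)

def precompute_state(password):
    """Hash the two HMAC key pads once. The password is not needed afterwards."""
    key = hashlib.md5(password).digest() if len(password) > BLOCK else password
    key = key.ljust(BLOCK, b"\0")
    return (hashlib.md5(bytes(b ^ 0x36 for b in key)),   # inner pad state
            hashlib.md5(bytes(b ^ 0x5C for b in key)))   # outer pad state

def verify_with_state(state, challenge, response):
    """Server holds only the precomputed pad states and finishes the HMAC from them."""
    inner, outer = state[0].copy(), state[1].copy()
    inner.update(challenge)
    outer.update(inner.digest())
    return _matches(outer.hexdigest(), response)

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    password = b"example-password"
    challenge = b"<12345.67890@mail.example.test>"
    resp = cram_md5_response("info@example.test", password, challenge)
    print("plaintext stored :", verify_with_plaintext(password, challenge, resp))
    print("MD5 hash stored  :", verify_with_md5_hash(hashlib.md5(password).hexdigest(), challenge, resp))
    print("pad states stored:", verify_with_state(precompute_state(password), challenge, resp))
```

The pad states are enough to answer any CRAM-MD5 challenge, so they need the same protection as the password database itself.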