[Dovecot] Problems in auth when switching from PLAIN-MD5
Hi, i am running dovecot 2.0.11 (with mysql backend) and until now using PLAIN-MD5 as pass default_pass_scheme everything was working fine. However i wanted to change the pass_scheme to something stronger than plain-md5, so i started by reading the wiki.
I found this: http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes
But when i comment out "default_pass_scheme" and i create the pass with the {SHA256.hex} prefix i see this in the logs:
auth: Error: sql(xxx@xxxxxx.com,10.21.1.1): Password in passdb is not in expected scheme SHA256.hex
I tried with several algorithms, but it seems to be something in my config that it's only working with plain-md5. the auth_mechanism is plain with ssl/tls.
Maybe someone can give me a hint of where to see o which config file review.
Thanks in advance.
Eduardo.
On Thu, 2011-06-02 at 17:41 -0300, Eduardo Casarero wrote:
Hi, i am running dovecot 2.0.11 (with mysql backend) and until now using PLAIN-MD5 as pass default_pass_scheme everything was working fine. However i wanted to change the pass_scheme to something stronger than plain-md5, so i started by reading the wiki.
I found this: http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes
But when i comment out "default_pass_scheme" and
You don't need to comment it out. Although I guess then the default is still PLAIN-MD5.
i create the pass with the {SHA256.hex} prefix i see this in the logs:
auth: Error: sql(xxx@xxxxxx.com,10.21.1.1): Password in passdb is not in expected scheme SHA256.hex
Show an example of a stored password?
2011/6/3 Timo Sirainen tss@iki.fi
On Thu, 2011-06-02 at 17:41 -0300, Eduardo Casarero wrote:
Hi, i am running dovecot 2.0.11 (with mysql backend) and until now using PLAIN-MD5 as pass default_pass_scheme everything was working fine. However i wanted to change the pass_scheme to something stronger than plain-md5, so i started by reading the wiki.
I found this: http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes
But when i comment out "default_pass_scheme" and
You don't need to comment it out. Although I guess then the default is still PLAIN-MD5.
i create the pass with the {SHA256.hex} prefix i see this in the logs:
auth: Error: sql(xxx@xxxxxx.com,10.21.1.1): Password in passdb is not in expected scheme SHA256.hex
Show an example of a stored password?
i tried with '{SSHA256.hex}acb600a04d0816cd3242a5489e3ac39b4f9f7c9dedacbd754f93c769ac4829e1db7fae58' (generated with the php script from the wiki) and i also tried with:
doveadm pw -s SHA -u user@domain.com
{SHA}kLF2K2vi+AxTEJ7kOZqXbjNnYhE=
With both examples i got the error "Password in passdb is not in expected scheme", the select query is a simple select.
Thanks again!
On Fri, 2011-06-03 at 11:53 -0300, Eduardo Casarero wrote:
i tried with '{SSHA256.hex}acb600a04d0816cd3242a5489e3ac39b4f9f7c9dedacbd754f93c769ac4829e1db7fae58' (generated with the php script from the wiki) and i also tried with:
doveadm pw -s SHA -u user@domain.com
{SHA}kLF2K2vi+AxTEJ7kOZqXbjNnYhE=
With both examples i got the error "Password in passdb is not in expected scheme", the select query is a simple select.
I don't see any reason why those wouldn't work. Set auth_debug_passwords=yes and show the logs when trying to log in?
participants (2)
-
Eduardo Casarero
-
Timo Sirainen