[Dovecot] 1.0rc7 - dumb question
I am configuring dovecot 1.0rc7 to authenticate users (system users)
in /etc/passwd.
Is it possible to use a different auth mechanism, other than "plain",
when the encrypted password is in /etc/master.passwd (BSD style)?
-Wash
http://www.netmeister.org/news/learn2quote.html
DISCLAIMER: See http://www.wananchi.com/bms/terms.php
Odhiambo WASHINGTON wrote:
> Is it possible to use a different auth mechanism, other than "plain",
> when the encrypted password is in /etc/master.passwd (BSD style)?
No, because the other mechanisms require a plaintext password (although I see the WIKI doesn't reflect this except for APOP). As I recommended recently, you are free to use IMAPS (SSL IMAP) with encrypted passwords.
HTH
John
--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard Suite H
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5748
* On 14/09/06 14:44 -0400, John Peacock wrote:
| Odhiambo WASHINGTON wrote:
| >Is it possible to use a different auth mechanism, other than "plain",
| >when the encrypted password is in /etc/master.passwd (BSD style)?
|
| No, because the other mechanisms require a plaintext password (although
| I see the WIKI doesn't reflect this except for APOP). As I recommended
| recently, you are free to use IMAPS (SSL IMAP) with encrypted passwords.
Hi John,
Let me understand this correctly.
You're saying IMAPS will work with a setting such as below??
auth default {
  mechanisms = digest-md5
  passdb pam {
    args = *
  }
  userdb passwd {
    args = /etc/master.passwd
  }
}
If yes, then I am inclined to ask why POP3S would not work with the
same.
Sorry, questions still dumb ;)
-Wash
On Thursday 14 September 2006 21:13, Odhiambo WASHINGTON wrote:
Hi Wash,

> Hi John,
>
> Let me understand this correctly.
>
> You're saying IMAPS will work with a setting such as below??
>
> auth default {
>   mechanisms = digest-md5
>   passdb pam {
>     args = *
>   }
>   userdb passwd {
>     args = /etc/master.passwd
>   }
>
> If yes, then I am inclined to ask why POP3S would not work with the
> same.
>
> Sorry, questions still dumb ;)
The above can't work (for POP or IMAP). For the DIGEST-MD5 auth mechanism to work, Dovecot needs access to the plain text password. However, the password is stored in an encrypted form in /etc/master.passwd. With encrypted password in /etc/master.passwd, you can only use the PLAIN mechanism.
What John was saying is that since the password has to be transmitted in the clear for PLAIN, it's better to use transport-level security, i.e. IMAPS and POP3S.
-- Anand
* On 14/09/06 21:20 +0200, Anand Buddhdev wrote:
| On Thursday 14 September 2006 21:13, Odhiambo WASHINGTON wrote:
|
| Hi Wash,
|
| > Hi John,
| >
| > Let me understand this correctly.
| >
| > You're saying IMAPS will work with a setting such as below??
| >
| > auth default {
| > mechanisms = digest-md5
| > passdb pam {
| > args = *
| > }
| > userdb passwd {
| > args = /etc/master.passwd
| > }
| >
| > If yes, then I am inclined to ask why POP3S would not work with the
| > same.
| >
| > Sorry, questions still dumb ;)
|
| The above can't work (for POP or IMAP). For the DIGEST-MD5 auth
| mechanism to work, Dovecot needs access to the plain text password.
| However, the password is stored in an encrypted form
| in /etc/master.passwd. With encrypted password in /etc/master.passwd,
| you can only use the PLAIN mechanism.
|
| What John was saying is that since the password has to be transmitted in
| the clear for PLAIN, it's better to use transport-level security, ie.
| IMAPS and POP3S.
Hi Anand,
Thank you very much for the clarification.
I have a setup where I have both the cleartext password and the
encrypted (MD5 hash) password in a MySQL database.
In this situation it would be possible to use digest-md5, yes?
But this would mean that any user not using secure authentication will fail
to authenticate, or is it possible to configure dovecot to start with
a secure auth mechanism, but fall back to some non-secure mechanism
in case the default one fails (although it's stupid to do this)?
-Wash
Odhiambo WASHINGTON wrote:
> I have a setup where I have both the cleartext password and encrypted (md5 hash) password in a mysql database. In this situation it would be possible to use digest-md5, yes?

Yeah, except that DIGEST-MD5 is much less well supported than CRAM-MD5, so I would have both enabled, or just CRAM-MD5.

> But this would mean that any user not using secure authentication will fail to authenticate or is it possible to configure dovecot to start with a secure auth mechanism, but fall back to some none secure mechanism in case the default one fails (although it's stupid to do this)?
Most clients [that I'm aware of] will try to use a stronger authentication method before trying to use a weaker one. If you want to support CRAM-MD5 and PLAIN, you will have to decide whether you want to force users to connect to IMAPS (to protect the plaintext password). Then you can permit both methods, and the client will choose one from the list that the server advertises (as I said, most will choose CRAM-MD5 then PLAIN).
Personally, I only support CRAM-MD5, but I do support IMAP and IMAPS (I also support CRAM-MD5 for outbound mail on SMTP/TLS/SMTPS)...
John
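An added example, not code from this thread and not Dovecot's own code, that walks through the point Anand and John make above: CRAM-MD5 (and DIGEST-MD5 in the same way) is a challenge-response exchange whose HMAC is keyed on the plaintext password, so the server can only check it if it holds the plaintext (or a mechanism-specific pre-hashed form, which a crypt() hash is not), whereas PLAIN hands the server the password itself and lets it re-hash and compare against a one-way hash like the one in /etc/master.passwd, which is why PLAIN has to be wrapped in IMAPS/POP3S. The user name, password, challenge values and the `$x$salt$hash` record layout are constructed stand-ins, not real master.passwd entries, and PBKDF2 stands in for crypt(3). The last function shows the caveat John's "stronger method" wording glosses over: without the plaintext, the only way to check a CRAM-MD5 response is to guess candidates, which is exactly what a passive eavesdropper does with a captured exchange.

```python
import base64
import hashlib
import hmac
from typing import Optional, Union

# --- Constructed sample data (not real accounts, not a real password file) ---
USER = "wash"
PASSWORD = "correct horse"
SALT = bytes.fromhex("a1b2c3d4e5f60718")  # fixed so the example is deterministic; use os.urandom(16) for real records


def make_challenge(pid: int = 12345, timestamp: int = 1158259200, host: str = "mail.example.test") -> bytes:
    """Server side of CRAM-MD5 (RFC 2195): a one-time string of the form <pid.timestamp@host>."""
    return f"<{pid}.{timestamp}@{host}>".encode()


def cram_md5_response(user: str, password: str, challenge: bytes) -> str:
    """Client side of CRAM-MD5: 'user hex(HMAC-MD5(key=password, msg=challenge))'.
    The client needs the plaintext password; nothing else can key the HMAC."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{user} {digest}"


def to_wire(data: Union[bytes, str]) -> bytes:
    """IMAP AUTHENTICATE / POP3 AUTH carry the challenge and the response base64-encoded."""
    if isinstance(data, str):
        data = data.encode()
    return base64.b64encode(data)


def from_wire(line: bytes) -> bytes:
    return base64.b64decode(line)


def cram_md5_verify(response: str, challenge: bytes, plaintext_db: dict) -> bool:
    """Server side of CRAM-MD5: recompute the HMAC with the *stored plaintext* password.
    This is the step that cannot be done from a crypt()-style hash."""
    user, _, digest = response.partition(" ")
    password = plaintext_db.get(user)
    if password is None or not digest:
        return False
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def one_way_hash(password: str, salt: bytes) -> str:
    """Stand-in for the crypt(3) hash in /etc/master.passwd. The '$x$salt$hash'
    layout is hypothetical; the property that matters is that it is one-way."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)
    return f"$x${salt.hex()}${dk.hex()}"


def verify_plain(user: str, password: str, hashed_db: dict) -> bool:
    """What PLAIN (or PAM behind it) can do: the client sent the password itself, so the
    server re-hashes it with the stored salt and compares. No plaintext is stored."""
    stored = hashed_db.get(user)
    if stored is None:
        return False
    _, _, salt_hex, _ = stored.split("$")
    return hmac.compare_digest(one_way_hash(password, bytes.fromhex(salt_hex)), stored)


def guess_from_candidates(response: str, challenge: bytes, candidates: list) -> Optional[str]:
    """The only way to check a CRAM-MD5 response without the plaintext: try guesses.
    A passive eavesdropper holding the challenge and response does the same thing,
    so CRAM-MD5 only protects a password as far as it resists a dictionary attack."""
    user, _, digest = response.partition(" ")
    for cand in candidates:
        if cram_md5_verify(f"{user} {digest}", challenge, {user: cand}):
            return cand
    return None


PLAINTEXT_DB = {USER: PASSWORD}                    # what CRAM-MD5 / DIGEST-MD5 need
HASHED_DB = {USER: one_way_hash(PASSWORD, SALT)}   # what /etc/master.passwd holds

if __name__ == "__main__":
    challenge = make_challenge()
    wire_challenge = to_wire(challenge)            # the "+ ..." continuation line the server sends
    response = cram_md5_response(USER, PASSWORD, from_wire(wire_challenge))
    print("server challenge          :", wire_challenge.decode())
    print("client response           :", to_wire(response).decode())
    print("CRAM-MD5 vs plaintext store:", cram_md5_verify(response, challenge, PLAINTEXT_DB))
    print("PLAIN vs one-way hash store:", verify_plain(USER, PASSWORD, HASHED_DB))
    print("CRAM-MD5 vs one-way hash   : must guess ->",
          guess_from_candidates(response, challenge, ["hunter2", "password", PASSWORD]))
```

Run it directly to see the base64 forms that actually cross the wire. In Dovecot the policy the thread converges on for crypt()-hashed system passwords is `mechanisms = plain` together with `disable_plaintext_auth = yes` and SSL enabled, so PLAIN is never offered on an unencrypted connection and the password only travels inside IMAPS/POP3S.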