argonid and dovecote
On a FreeBSD 11.2 amd64 machine, I am trying to get Dovecot 2.3.4 to play nice with "argonid" encryption.
In the "10-auth.conf" file, I tried:
auth_mechanisms = plain argon2id
Upon restarting dovecot, I received an error message when attempting to actually use it:
auth: FATAL: Unknown authentication mechanism "ARGON2ID"
Output from doveadm pw -l:
doveadm pw -l
SHA1 SSHA512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT CRYPT SSHA
MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT CLEAR
CLEARTEXT ARGON2I ARGON2ID SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5
PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5
I assume I am making a stupid mistake, but I do not know what it is.
-- Jerry
Update to the latest port in the HEAD ports tree
And enable the "libsodium" option. (I'm the maintainer for Dovecot, AKA: ler@FreeBSD.org).
I have the latest port. I discovered that I do not have to list "argon2id" in "auth_mechanisms", although that does seem strange.
-- Jerry
Because it is a PASSWORD hash, not an authentication mechanism.
On 12/6/18, 1:03 PM, "dovecot on behalf of Jerry"
On Thu, 6 Dec 2018 18:38:32 +0000, Larry Rosenman stated:
>Because it is a PASSWORD hash, not an authentication mechanism.
Okay, that makes sense. Perhaps, a note about that somewhere might prove
useful.
--
Jerry
Where on the wiki would you suggest that be put?
I think that what was confusing, at least for me, is that the "doveadm-pw" man page says:
-l List all supported password schemes and exit successfully. There are up to three optional password schemes: BLF-CRYPT (Blowfish crypt), SHA256-CRYPT and SHA512-CRYPT. Their availability depends on the system's currently used libc.
I had assumed, obviously incorrectly, that I had to enter the scheme into the dovecot conf file as indicated earlier.
Perhaps, for people like me that are not the sharpest knife in the drawer, a notation to that effect might prove useful.
Just my 2 ¢.
-- Jerry
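The distinction drawn in this thread, as an added example that is not part of the original messages: a shell check that flags "auth_mechanisms" entries which are password schemes rather than SASL mechanisms. The mechanism list is an assumption based on the Dovecot 2.3 documentation; the scheme list is the "doveadm pw -l" output quoted in the first message.

```shell
#!/bin/sh
# Added example (not from the thread): flag auth_mechanisms entries that are
# password schemes (how a hash is stored) instead of SASL mechanisms (how a
# client presents credentials).

# Assumption: mechanism names as documented for Dovecot 2.3; adjust per build.
KNOWN_MECHS="plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
gss-spnego otp skey external scram-sha-1 xoauth2 oauthbearer"

# Scheme names copied from the "doveadm pw -l" output quoted in the thread.
SCHEMES="SHA1 SSHA512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT
CRYPT SSHA MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT
CLEAR CLEARTEXT ARGON2I ARGON2ID SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5
PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5"

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# in_list WORD LIST: case-insensitive membership test on a space-separated list
in_list() {
    needle=$(lower "$1")
    for item in $(lower "$2"); do
        [ "$item" = "$needle" ] && return 0
    done
    return 1
}

# classify_mech NAME: prints "mechanism", "scheme-only" or "unknown"
classify_mech() {
    if in_list "$1" "$KNOWN_MECHS"; then echo mechanism
    elif in_list "$1" "$SCHEMES"; then echo scheme-only
    else echo unknown
    fi
}

# lint_auth_mechanisms LINE: one message per misplaced entry, status 1 if any
lint_auth_mechanisms() {
    bad=0
    for m in ${1#*=}; do
        case $(classify_mech "$m") in
            scheme-only)
                echo "$m: password scheme, not a mechanism; remove it here and" \
                     "use it as the scheme of the stored hash (doveadm pw -s)"
                bad=1 ;;
            unknown)
                echo "$m: neither a known mechanism nor a listed scheme"
                bad=1 ;;
        esac
    done
    return $bad
}

# The config line from the thread; "|| true" keeps the demo's status at 0.
lint_auth_mechanisms "auth_mechanisms = plain argon2id" || true
```

On a live system the two embedded lists would be replaced by the output of doveadm pw -l and the mechanisms supported by the installed build.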
participants (3): Aki Tuomi, Jerry, Larry Rosenman