On 8/7/2010 11:38 PM, Gary V wrote:

On 8/7/10, Jerrale G wrote:

...

/etc/dovecot.conf:

auth default { mechanisms=plain login cram-md5 passdb { #..............

Windows Live Mail: CRAM-MD5 authentication failed. This could be due to a lack of memory on your system. Your IMAP command could not be sent to the server, due to non-network errors. This could, for example, indicate a lack of memory on your system.

Configuration: Account: Sheltoncomputers (testuser) Server: mail.sheltoncomputers.com User name: testuser@sheltoncomputers.com Protocol: IMAP Port: 993 Secure(SSL): 1 Code: 800cccdf

The console I'm using is 4 GB ram; so, this dumb error of windoze dead mail is irrelevant. The other mechanisms of TLS/no tls plain login work fine. The passwords are stored in mysql as md5(password) but this works on others not using cram-md5 (secure login of the client). I'm trying to support a plethora of mechanisms for the convenience of the customer and .

Jerrale G. Senior Admin

I'm no expert, but if I'm not mistaken, cram-md5 requires a plain text shared secret. I quote from http://www.sendmail.org/~ca/email/cyrus2/components.html:

"Shared Secret Mechanisms - For these mechanisms, such as CRAM-MD5, DIGEST-MD5, and SRP, there is a shared secret between the server and client (e.g. a password). However, in this case the password itself does not travel on the wire. Instead, the client passes a server a token that proves that it knows the secret (without actually sending the secret across the wire). For these mechanisms, the server generally needs a plaintext equivalent of the secret to be in local storage (not true for SRP)."

The auth default section of my dovecot.conf looks like:

auth default { mechanisms = plain login cram-md5 passdb sql { args = /etc/dovecot/dovecot-sql.conf } passdb sql { args = /etc/dovecot/dovecot-crammd5.conf } userdb sql { args = /etc/dovecot/dovecot-sql.conf } user = root socket listen { master { path = /var/run/dovecot/auth-master mode = 0600 user = vmail } client { path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } } }

With an /etc/dovecot/dovecot-crammd5.conf that might look something like this:

driver = mysql connect = host=127.0.0.1 dbname=postfix user=postfix password=password default_pass_scheme = PLAIN password_query = SELECT clear AS password FROM mailbox WHERE username = '%u' AND active = '1'

With an added field to store a plain text password (I called it "clear").

I guess I was just wondering how I had the md5 in mysql working and I'm aware of the salt sometimes required for md5 but only digest-md5. I realized I had guessed correctly on initial setup to have, in mysql.conf, default_pass_scheme = MD5 ; I incorrectly thought cram-md5 had to be as one of the auth default mechanisms to read md5 from mysql correctly.

I guess I need to create a new "auth crammd5 {}" and setup mysql to have the current password field to bet a function of the new clear field, automatically creating the md5 from the clear password field. I will use default_password_scheme=CLEAR, fetch from the clear, and setup dovecot.conf auth crammd5 with the settings you suggested.

Thanks,

J. G.