[Dovecot] Postfix/mysql/dovecot - Understanding password encryption
I am switching from a fedora/postfix/mysql/couriermail/squirrelmail to Centos/.../dovecot/roundcubemail and adding postfixadmin to the mix.
My tutorial before was an earlier version (on F14) of:
http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mys...
Now I am using
http://www.campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMail...
to get me started. I am up to roundcubemail setup and am stumbling to understand what the author here is doing with encrypted passwords, so felt it was time to delve deeper into this.
My old setup uses mysql-crypt for the password.
MYSQL_CRYPT_PWFIELD password
and users could be added to the table with:
INSERT INTO users
(email
, password
, quota
) VALUES
('sales@example.com', ENCRYPT('secret'), 10485760);
But where this was all simple and no choices, I get to figure out what to do with my dovecot setup.
Some of the 'secret' is hinted at in postfixadmin's config.inc.php:
// Encrypt
// In what way do you want the passwords to be crypted?
// md5crypt = internal postfix admin md5
// md5 = md5 sum of the password
// system = whatever you have set as your PHP system default
// cleartext = clear text passwords (ouch!)
// mysql_encrypt = useful for PAM integration
// authlib = support for courier-authlib style passwords
// dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5
$CONF['encrypt'] = 'md5crypt';
Where is there information on the different choices and how to choose?
Is it as 'simple' as setting up postfixadmin to control the password encryption format then 'inform' dovecot in the dovecot-mysql.conf with
default_pass_scheme = MD5-CRYPT
Thank you for any pointers.
On 12/24/2012 04:26 PM, Robert Moskowitz wrote:
> Is it as 'simple' as setting up postfixadmin to control the password encryption format then 'inform' dovecot in the dovecot-mysql.conf with
> default_pass_scheme = MD5-CRYPT
Oh, the dovecot.conf has the line:
auth_mechanisms = plain login
Which adds to my confusion.
On 24.12.2012 22:44, Robert Moskowitz wrote:
> Oh, the dovecot.conf has the line:
> auth_mechanisms = plain login
> Which adds to my confusion.
maybe you should read some basic documentation
see the large number of your posts on dovecot/postfix list and that i was able to set up my first mailserver years ago with only reading the docs and subscribe for mailing-lists a year later
it feels like you try to replace reading manuals with posting basic questions
auth-mech = client/server
start with
- http://wiki.dovecot.org/
- http://wiki.dovecot.org/Authentication/Mechanisms
- http://www.postfix.org/documentation.html
> // cleartext = clear text passwords (ouch!)
if you want / need to provide different auth-mechs you may have no other option because the server will not be able to generate the data for CRAM-MD5/MD5-DIGEST from a hashed column
this is also explained here http://wiki.dovecot.org/Authentication/Mechanisms
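The distinction made in the reply above, as an added example that is not part of the original thread: the password scheme (`default_pass_scheme`) is how the secret is stored, the auth mechanism (`auth_mechanisms`) is what travels on the wire. With `plain login` the server receives the password and can check it against any one-way hash; CRAM-MD5 is a challenge-response keyed with the password itself, so a hashed column cannot reproduce the client's answer. `store_salted` is a constructed salted SHA-256 stand-in for a hashed column (not Dovecot's MD5-CRYPT code); the salt, challenge and function names are assumptions.

```python
import base64
import hashlib
import hmac

def store_salted(password: str, salt: bytes) -> str:
    """One-way storage: base64(SHA-256(password || salt) || salt)."""
    digest = hashlib.sha256(password.encode() + salt).digest()
    return base64.b64encode(digest + salt).decode()

def verify_plain(stored: str, presented: str) -> bool:
    """PLAIN/LOGIN: the password itself arrives, so the server re-hashes it
    with the stored salt and compares the result to the column."""
    salt = base64.b64decode(stored)[32:]  # bytes after the 32-byte digest
    return hmac.compare_digest(store_salted(presented, salt), stored)

def cram_md5_response(secret: bytes, challenge: bytes) -> str:
    """CRAM-MD5 (RFC 2195): hex HMAC-MD5 of the challenge, keyed with the secret."""
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()

def verify_cram_md5(server_secret: bytes, challenge: bytes, response: str) -> bool:
    """The server must key the HMAC with the same secret the client used."""
    expected = cram_md5_response(server_secret, challenge)
    return hmac.compare_digest(expected, response)

def demo() -> dict:
    password = "secret"
    salt = bytes.fromhex("0011223344556677")          # constructed fixed salt
    challenge = b"<1896.697170952@mail.example.com>"  # constructed challenge
    hashed_column = store_salted(password, salt)
    # The client only knows the password and keys the HMAC with it.
    reply = cram_md5_response(password.encode(), challenge)
    return {
        "plain_with_hashed_column": verify_plain(hashed_column, password),
        "plain_wrong_password": verify_plain(hashed_column, "wrong"),
        "cram_with_cleartext_column": verify_cram_md5(password.encode(), challenge, reply),
        # A salted hash is a different key, so the expected digest never matches.
        "cram_with_hashed_column": verify_cram_md5(hashed_column.encode(), challenge, reply),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```
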
On 12/24/2012 04:54 PM, Reindl Harald wrote:
> > Oh, the dovecot.conf has the line:
> > auth_mechanisms = plain login
> > Which adds to my confusion.
> maybe you should read some basic documentation
> see the large number of your posts on dovecot/postfix list and that i was able to set up my first mailserver years ago with only reading the docs and subscribe for mailing-lists a year later
> it feels like you try to replace reading manuals with posting basic questions
With all due respect, the manuals have grown over the years. I have spent time over the past month going through the manuals and putting together notes. Then I have gone through a few tutorials to get some lessons learned from others. Some tools like postfixadmin do a lot more than what I need, so I am plowing through extra stuff. You ask, why use postfixadmin and not just build it from scratch? I have a few domains and others are responsible for those domains. The tool I used before was difficult for multiple admins. My reading on postfixadmin makes it rather attractive. Then follows a lot of other stuff.
Challenge is, I can only put a couple hours a day in on this. Like many here I have other assignments.
I do appreciate your help; I try to help (mostly on other lists) where I can. But my expertise in secure data communications is rather specialized.
participants (2)
- Reindl Harald
- Robert Moskowitz