[Dovecot] DIGEST-MD5 doesn't work
Hi,
my dovecot installation has worked for months and clients authenticate using CRAM-MD5. But today I got the first chance to test a client that supports DIGEST-MD5 - and it doesn't work. Because of a lack of other supporting clients and servers I'm now at the point where I don't know which side is to blame.
The error I get after the client answers the server's challenge is "-ERR Authentication failed: Missing nonce parameter". Though I don't know how DIGEST-MD5 works, I wonder about the message because the client's answer contains a nonce parameter (captured with tcpdump):
YXV0aHppZD0ib3RycyIsY2hhcnNldD11dGYtOCxjbm9uY2U9IjFlOTZkYmZiZWEwZjUxNmVhZjEyYmM0NjU1M2JmZjVlIixkaWdlc3QtdXJpPSJwb3AzL25hbm8iLG5jPTAwMDAwMDAxLG5vbmNlPSJPVGpGWmhjS2FIVjZSVGMyZlRDTXJ3PT0iLHFvcD1hdXRoLHJlYWxtPSIiLHJlc3BvbnNlPTVmMTQyZWVlN2FmMWVmYTJhYWI5ZmM0ODNiOGJjOTJhLHVzZXJuYW1lPSJvdHJzIg==
authzid="otrs",charset=utf-8,cnonce="1e96dbfbea0f516eaf12bc46553bff5e", digest-uri="pop3/nano",nc=00000001,nonce="OTjFZhcKaHV6RTc2fTCMrw==", qop=auth,realm="",response=5f142eee7af1efa2aab9fc483b8bc92a,username="otrs"
Client is a Perl script using Net::POP3 and Authen::SASL Modules
Dovecot is version 0.99.14 - I know it's old and not supported. If someone tells me the bug is known and fixed in 1.0rc, then I'll think about upgrading, but just to test I don't want to change my running system.
Regards, Jürgen
Jürgen Herz wrote:
> my dovecot installation has worked for months and clients authenticate using CRAM-MD5. But today I got the first chance to test a client that supports DIGEST-MD5 - and it doesn't work. Because of a lack of other supporting clients and servers I'm now at the point where I don't know which side is to blame.
> The error I get after the client answers the server's challenge is "-ERR Authentication failed: Missing nonce parameter".
Ok, now I tested it against a freshly compiled dovecot 1.0rc7 and get a simple "-ERR Authentication failed."
Server challenge was (decoded):
realm="",nonce="S5hbmt7qeaQYOS/OLKOsYg==",qop="auth",charset="utf-8", algorithm="md5-sess"
And client response (decoded):
authzid="juergen",charset=utf-8,cnonce="7c1c927e756c9067dbf412c964a823c1", digest-uri="pop/pico",nc=00000001,nonce="S5hbmt7qeaQYOS/OLKOsYg==", qop=auth,realm="",response=fed55b47609e097fdf7d145635e845ff,username="juergen"
Full log on request.
Client was again the Perl script using Net::POP3 and Authen::SASL Modules. I successfully tested that SASL lib yesterday in an SMTP client authenticating for Postfix with DIGEST-MD5.
On the other hand, Dovecot's DIGEST-MD5 mechanism works with KMail as I was able to test today.
Anyone else who has noticed incompatibilities with Dovecot's DIGEST-MD5?
Regards, Jürgen
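
Added example, not part of the original posts and not Dovecot or Authen::SASL code: a small Python helper that parses a decoded DIGEST-MD5 challenge and response, runs the field checks a server can make before hashing, and recomputes the RFC 2831 response value with and without the authzid term. The function names and the "pop" service argument are assumptions; the password for the captured exchange is not on the page, so the hash is checked against the published example from RFC 2831 instead.

```python
import hashlib
import re

# key=value directives; values are quoted strings or bare tokens (RFC 2831)
_PAIR = re.compile(r'([A-Za-z][\w-]*)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^,\s]*))')

def parse_directives(text):
    """Parse a decoded digest-challenge or digest-response into a dict."""
    return {k.lower(): (re.sub(r"\\(.)", r"\1", q) if q else b)
            for k, q, b in _PAIR.findall(text)}

def consistency_issues(challenge, response, service):
    """Field checks a server can make before verifying the hash."""
    issues = []
    if response.get("nonce") != challenge.get("nonce"):
        issues.append("nonce does not echo the challenge")
    if response.get("realm", "") != challenge.get("realm", ""):
        issues.append("realm differs from the challenge")
    if response.get("qop", "auth") not in challenge.get("qop", "auth").split(","):
        issues.append("qop was not offered")
    if response.get("digest-uri", "").split("/")[0] != service:
        issues.append("digest-uri service is not " + service)
    return issues

def expected_response(f, password, with_authzid=True):
    """RFC 2831 response value for qop=auth (32 lowercase hex digits)."""
    enc = "utf-8" if f.get("charset", "").lower() == "utf-8" else "latin-1"
    secret = ":".join([f["username"], f.get("realm", ""), password]).encode(enc)
    a1 = b":".join([hashlib.md5(secret).digest(),
                    f["nonce"].encode(), f["cnonce"].encode()])
    if with_authzid and "authzid" in f:   # authzid is appended to A1 when sent
        a1 += b":" + f["authzid"].encode(enc)
    a2 = b"AUTHENTICATE:" + f["digest-uri"].encode()
    kd = ":".join([hashlib.md5(a1).hexdigest(), f["nonce"], f["nc"],
                   f["cnonce"], f["qop"], hashlib.md5(a2).hexdigest()])
    return hashlib.md5(kd.encode()).hexdigest()

# Exchange quoted in the second post (decoded form, as shown on the page)
CHALLENGE = ('realm="",nonce="S5hbmt7qeaQYOS/OLKOsYg==",qop="auth",'
             'charset="utf-8", algorithm="md5-sess"')
RESPONSE = ('authzid="juergen",charset=utf-8,cnonce="7c1c927e756c9067dbf412c964a823c1", '
            'digest-uri="pop/pico",nc=00000001,nonce="S5hbmt7qeaQYOS/OLKOsYg==", '
            'qop=auth,realm="",response=fed55b47609e097fdf7d145635e845ff,username="juergen"')
# Published example from RFC 2831 section 4; its password is "secret"
RFC_RESPONSE = ('charset=utf-8,username="chris",realm="elwood.innosoft.com",'
                'nonce="OA6MG9tEQGm2hh",nc=00000001,cnonce="OA6MHXh6VqTrRk",'
                'digest-uri="imap/elwood.innosoft.com",'
                'response=d388dad90d4bbd760a152321f2143af7,qop=auth')
```

Calling `expected_response(fields, password, with_authzid=False)` next to the default shows whether a client and server disagree only on the authzid term of A1.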