[Dovecot] Confused about "Authentication Mechanism" and "Password Schemes"
Hi,
I am currently setting up a Mailserver and decided to use Dovecot as IMAP/POP3-Server. I read the wiki and thought about how to transmit and store the passwords (I want to use a MySQL-database).
I want to use encrypted transmission and encrypted storage. The wiki says:
"If you want to use only one non-plaintext mechanism, you can store the passwords using the mechanism's own password scheme."
Ok, one secure mechanism is acceptable in my scenario and the wiki gives a list of supported authentication mechanisms and a list of supported password schemes.
But I am missing the relation between the two lists, which mechanism expects which storage scheme?
Did I overlook any easy answer (other than "read the RFCs")?
Best Regards Thomas
On 10.01.2013 12:44, Thomas Pries wrote:
> Hi,
> I am currently setting up a Mailserver and decided to use Dovecot as
> IMAP/POP3-Server. I read the wiki and thought about how to transmit and
> store the passwords (I want to use a MySQL-database).
> I want to use encrypted transmission and encrypted storage. The wiki says:
> "If you want to use only one non-plaintext mechanism, you can store the
> passwords using the mechanism's own password scheme."
> Ok, one secure mechanism is acceptable in my scenario and the wiki gives
> a list of supported authentication mechanisms and a list of supported
> password schemes.
> But I am missing the relation between the two lists, which mechanism
> expects which storage scheme?
> Did I overlook any easy answer (other than "read the RFCs")?
> Best Regards Thomas
Hi Thomas,
It's quite simple. If you store the passwords in the database in plain text, then your server can use any authentication algorithm available. However, if you store encrypted/hashed passwords, then the only two available authentication algorithms are: plain as the dovecot needs to properly encode the password
Regards,
M
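An added illustration of the point in the reply above (not code from the thread or from Dovecot): with a salted hash in the database the server can check a PLAIN login by re-hashing what the client sent, but it cannot check a CRAM-MD5 response, which needs the original secret as the HMAC key. The salted SHA-256 layout, the function names and the sample values are assumptions made for this example; Dovecot's own scheme encodings are not reproduced.

```python
import hashlib
import hmac
import os

# Constructed sample values; nothing here comes from the thread.
PASSWORD = b"correct horse"
CHALLENGE = b"<1896.697170952@mail.example.org>"
SALT_LEN = 8


def store_salted_sha256(password, salt=None):
    """Hashed storage (assumed layout): salt followed by SHA-256(salt + password)."""
    salt = salt or os.urandom(SALT_LEN)
    return salt + hashlib.sha256(salt + password).digest()


def verify_plain(stored_hash, sent_password):
    """PLAIN: the client sends the password itself (protected only by TLS),
    so the server can re-hash it with the stored salt and compare."""
    salt, digest = stored_hash[:SALT_LEN], stored_hash[SALT_LEN:]
    candidate = hashlib.sha256(salt + sent_password).digest()
    return hmac.compare_digest(candidate, digest)


def cram_md5_response(secret, challenge):
    """CRAM-MD5 (RFC 2195): hex HMAC-MD5 of the challenge, keyed with the secret."""
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()


def verify_cram_md5(stored, challenge, client_response):
    """The server can only key the HMAC with what is in its database."""
    expected = cram_md5_response(stored, challenge)
    return hmac.compare_digest(expected, client_response)


def demo():
    hashed = store_salted_sha256(PASSWORD)
    # The client always keys the HMAC with the real password.
    response = cram_md5_response(PASSWORD, CHALLENGE)
    return {
        "plain_mech_hashed_store": verify_plain(hashed, PASSWORD),
        "plain_mech_wrong_password": verify_plain(hashed, b"wrong"),
        "cram_md5_plaintext_store": verify_cram_md5(PASSWORD, CHALLENGE, response),
        "cram_md5_hashed_store": verify_cram_md5(hashed, CHALLENGE, response),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```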
participants (2)
- Miha Vrhovnik
- Thomas Pries