[Dovecot] Cannot authenticate with new Red Hat/Fedora SHA512
RHEL6 and Fedora 14 use an improved password algorithm of SHA512 on a brand new install of the OS (:$6$ in shadow file).
cat /etc/shadow
user1:$6$<salt>$<password>:15006:0:99999:7:::
I cannot get dovecot to authenticate. I've searched for a way to change the default algorithm in dovecot and found you should use CRYPT, but I don't know what to put in the /etc/dovecot/dovecot.conf or /etc/dovecot/conf.d/*
Can this be done or do you need to use an alternate password file with MD5?
Thanks, John.
On 02/01/2011 04:31 PM John Cooper wrote:
RHEL6 and Fedora 14 use an improved password algorithm of SHA512 on a brand new install of the OS (:$6$ in shadow file).
cat /etc/shadow
user1:$6$<salt>$<password>:15006:0:99999:7:::
I cannot get dovecot to authenticate. I've searched for a way to change the default algorithm in dovecot and found you should use CRYPT, but I don't know what to put in the /etc/dovecot/dovecot.conf or /etc/dovecot/conf.d/*
Can this be done or do you need to use an alternate password file with MD5?
Thanks, John.
You forgot to show your doveconf -n output.
Regards, Pascal
The trapper recommends today: 5e1f1e55.1103216@localdomain.org
On 02/01/2011 03:46 PM, Pascal Volk wrote:
On 02/01/2011 04:31 PM John Cooper wrote:
RHEL6 and Fedora 14 use an improved password algorithm of SHA512 on a brand new install of the OS (:$6$ in shadow file).
cat /etc/shadow
user1:$6$<salt>$<password>:15006:0:99999:7:::
I cannot get dovecot to authenticate. I've searched for a way to change the default algorithm in dovecot and found you should use CRYPT, but I don't know what to put in the /etc/dovecot/dovecot.conf or /etc/dovecot/conf.d/*
Can this be done or do you need to use an alternate password file with MD5?
Thanks, John.
You forgot to show your doveconf -n output.
Regards, Pascal

# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.35.10-74.fc14.i686 i686 Fedora release 14 (Laughlin)
mbox_write_locks = fcntl
passdb {
  driver = pam
}
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}
On 02/01/2011 05:01 PM John Cooper wrote:
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.35.10-74.fc14.i686 i686 Fedora release 14 (Laughlin)
mbox_write_locks = fcntl
passdb {
  driver = pam
}
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}
Hm, looks good so far. What was logged to your maillog? You may also set auth_verbose = yes in your conf.d/10-logging.conf
Regards, Pascal
The trapper recommends today: c01dcofe.1103217@localdomain.org
On 02/01/2011 04:13 PM, Pascal Volk wrote:
On 02/01/2011 05:01 PM John Cooper wrote:
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.35.10-74.fc14.i686 i686 Fedora release 14 (Laughlin)
mbox_write_locks = fcntl
passdb {
  driver = pam
}
ssl_cert =</etc/pki/dovecot/certs/dovecot.pem
ssl_key =</etc/pki/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}
Hm, looks good so far. What was logged to your maillog? You may also set auth_verbose = yes in your conf.d/10-logging.conf
Regards, Pascal

Looking in secure.log as authentication error, didn't get to maillog. maillog had error :-
dovecot: imap(usser1): Error: user user1: Initialization failed: mail_location not set and autodetection failed: Mail storage autodetection failed with home=/home/user1
So added this to dovecot.conf
mail_location = mbox:~/mail:INBOX=/var/mail/%u
Restarted dovecot and everything now works.
Thanks, John.
On Tue, 2011-02-01 at 16:01 +0000, John Cooper wrote:
cat /etc/shadow
user1:$6$<salt>$<password>:15006:0:99999:7:::
..
passdb { driver = pam }
PAM reads the shadow file and does the authentication, not Dovecot. So it has nothing to do with passwords being SHA512. More likely it's the same generic PAM authentication problem explained in http://wiki2.dovecot.org/WhyDoesItNotWork
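
The thread ends with a login failure that looked like a password-hash problem turning out to be a mail storage failure after authentication. The following added example (not part of the thread and not Dovecot code) sorts log lines by the stage that failed. The timestamps, host name, the user2 and user3 lines and the format assumed for a PAM failure line are constructed; the first sample line is modelled on the error quoted above.

```python
import re
from collections import defaultdict

# Constructed sample. Line 1 is modelled on the error quoted in the thread;
# the PAM failure line format and all timestamps/hosts are assumptions.
SAMPLE_LOG = """\
Feb  1 16:20:01 host dovecot: imap(user1): Error: user user1: Initialization failed: mail_location not set and autodetection failed: Mail storage autodetection failed with home=/home/user1
Feb  1 16:21:10 host dovecot: auth: pam(user2,192.0.2.10): pam_authenticate() failed: Authentication failure
Feb  1 16:22:30 host dovecot: imap-login: Login: user=<user3>, method=PLAIN, rip=192.0.2.11, lip=192.0.2.1
"""

# Post-login failure: the imap/pop3 mail process is only started after the
# passdb (PAM here) accepted the login, so the hash scheme is not the problem.
STORAGE = re.compile(
    r"dovecot: (?:imap|pop3)\((?P<user>[^)]+)\): Error: .*"
    r"Initialization failed: (?P<reason>.*)")
# Authentication-stage failure reported by the auth process for a passdb driver.
AUTH = re.compile(
    r"dovecot: auth(?:-worker)?(?:\([^)]*\))?: \w+\((?P<user>[^,)]+)[^)]*\): "
    r"(?P<reason>.*failed.*)")

HINT = {
    "storage": "authentication succeeded; check mail_location and the userdb home",
    "auth": "passdb rejected the login; check the PAM service and the secure log",
}

def classify(line):
    """Return (stage, user, reason) for a failure line, else None."""
    for stage, pattern in (("storage", STORAGE), ("auth", AUTH)):
        m = pattern.search(line)
        if m:
            return stage, m["user"], m["reason"]
    return None

def triage(log_text):
    """Group failure lines by the stage that failed."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            findings[hit[0]].append(hit[1:])
    return dict(findings)

if __name__ == "__main__":
    for stage, hits in triage(SAMPLE_LOG).items():
        for user, reason in hits:
            print(f"[{stage}] {user}: {reason}\n    -> {HINT[stage]}")
```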
participants (3)
- John Cooper
- Pascal Volk
- Timo Sirainen