[Dovecot] Problem with DIGEST-MD5 authentication and plaintext passwords

Timo Sirainen tss at iki.fi
Sun Nov 16 17:56:41 EET 2003


On Wed, 2003-11-12 at 03:09, Matthew Reimer wrote:
> I wasn't able to get DIGEST-MD5 authentication working with passwords 
> stored as plaintext until I tweaked password_generate() to make it not 
> use the domain portion of user at domain.com as the realm. Both evolution 
> and kmail send the email address as the username with no realm; when 
> dovecot tries to convert the username to user + realm, the hash is 
> different and so DIGEST-MD5 authentication fails. Having 
> password_generate() hash user at domain.com::password instead of 
> user:domain.com:password fixes it. I need this to work because I need to 
> support all of PLAIN, CRAM-MD5, and DIGEST-MD5 at the same time.
> 
> Timo, do you think this is a proper fix, or are kmail and evolution broken?

Well .. Looks like most clients don't actually use realms, but I rather
wouldn't completely drop support for them which your change would do.

Correct fix would be to separate realm and "@domain" handling in code,
that should work with both cases. I'll see if I can get that done.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20031116/c959fe5f/attachment-0001.bin>


More information about the dovecot mailing list