[Dovecot] auth failure
Tom Allison
tallison at tacocat.net
Fri Jun 11 04:36:48 EEST 2004
well, with some help I've made a fair amount of progress on my box.
It's working out much easier than I had anticipated and perhaps my notes
will be useful some day.
I have two questions...
Here is where I am:
cling:~# egrep -v "^($|\#)" /etc/dovecot.conf
protocols = imap imaps
login = imap
login_max_processes_count = 16
login = pop3
max_mail_processes = 512
verbose_proctitle = yes
default_mail_env = maildir:~/Maildir
mailbox_check_interval = 1
auth = default
auth_mechanisms = plain
auth_passdb = pgsql /etc/dovecot-pgsql.conf
auth_user = root
auth_verbose = yes
cling:~# egrep -v "^($|\#)" /etc/dovecot-pgsql.conf
connect = dbname=dbmail user=dbmail_reader password=SECRET
default_pass_scheme = PLAIN-MD5
password_query = SELECT passwd AS password FROM users WHERE userid = '%u'
I've created working passwords using 'mkpasswd --hash=md5'
and plugged the results into my database.
I can login and everything looks pretty cool.
Except, as near as I can tell, I'm sending plaintext authentication over
the wire. My best guess is that my password gets munged into digest-md5
format before it goes over the wire.
At this point I'm of the opinion that I'm reasonably secure.
True so far?
My guess is that the next step in security is to go for imaps and ssl
configuration. But my debian installation doesn't appear to have the
dovecot-openssl.cnf file referenced in the configuration.txt file.
Is this missing from dovecot or am I looking at a debian problem?
More information about the dovecot
mailing list