[Dovecot] Authentication trouble.

Timo Sirainen tss at iki.fi
Thu Dec 22 19:50:28 EET 2005


On Fri, 2005-12-16 at 18:50 -0500, Michael Peters wrote:
> * BAD [ALERT] Plaintext authentication is disabled, but your client sent 
> password in plaintext anyway. If anyone was listening, the password was 
> exposed.

You probably would want to just use SSL/TLS. Or you could allow
plaintext authentication by setting disable_plaintext_auth=no

> *I have tried adding digest-md5 cram-md5 and shadow but Dovecot will not 
> start.*
> auth default {
>   # Space separated list of wanted authentication mechanisms:
>   #   plain digest-md5 cram-md5 apop anonymous gssapi
>   mechanisms = plain
> 
> *Dovecot will not start when I tried these options. Maybe I am entering 
> this wrong?*
> 
> passdb shadow { /etc/shadow
> }
> passdb passwd { /etc/passwd
> }

CRAM-MD5 and DIGEST-MD5 require passwords to be either in plaintext
format or in a special kind of a format. You can't use /etc/shadow with
anything else than plaintext authentication.



More information about the dovecot mailing list