[Dovecot] Using pgsql with 'cram-md5 auth' and 'hmac-md5 scheme'

Jonathan Ballet multani at free.fr
Tue Sep 12 01:13:05 EEST 2006


Hello,

I want to use PostgreSQL to store my Dovecot users. I set up a very
basic configuration, following word for word this page
http://wiki.dovecot.org/DovecotPostgresql and it works ... almost.

In fact, it works if I use PLAIN password scheme in my database.
However, I would like to store them encrypted.
But, if I replace the password field for my user with {HMAC-MD5}-...
(the password generated by dovecotpw), it doesn't work.


Here is the log, using PLAIN password scheme (all debug options
activated):
===================================================
auth(default): client in: AUTH       1       CRAM-MD5
service=IMAP    secured lip=127.0.0.1   rip=127.0.0.1
auth(default): client out: CONT      1
PDU3NTgxMTE5MTcwMTYzNjguMTE1ODAxMTQzN0BkZWI2ND4=
auth(default): client in: CONT       1
am9uIDJjN2RmMDVmZWZiNWU4MmE0MzFkMjM2YThhYzc2MDAx
auth(default): sql(jon,127.0.0.1): query: SELECT userid as user,
password FROM users WHERE userid = 'jon'
auth(default): password(jon,127.0.0.1): Credentials:
3fd9989457cb3edf1fb8d31dddaf11f3f0efee3423aeb9ebf9bbe981f86a079b
auth(default): client out: OK        1       user=jon
auth(default): master in: REQUEST    1       23748   1
auth(default): sql(jon,127.0.0.1): SELECT home, uid, gid FROM users
WHERE userid = 'jon'
auth(default): master out: USER      1       jon
home=/var/mail/jon/     uid=5000        gid=5000
IMAP(jon): Effective uid=5000, gid=5000
IMAP(jon): maildir: data=/var/mail/jon
IMAP(jon): maildir:root=/var/mail/jon, index=/var/mail/jon, control=,
inbox=
imap-login: Login: user=<jon>, method=CRAM-MD5, rip=127.0.0.1,
lip=127.0.0.1, secured
IMAP(jon): Disconnected: Logged out



And here is the log, using HMAC-MD5 password scheme (all debug options
activated too):
=====================================================
auth(default): client in: AUTH       1       CRAM-MD5
service=IMAP    secured lip=127.0.0.1   rip=127.0.0.1
auth(default): client out: CONT      1
PDI0MDc4NTQzMDc5NjU2NTIuMTE1ODAxMTkxNUBkZWI2ND4=
auth(default): client in: CONT       1
am9uIDViNmE4NDI5ZjUzZTQ3YTEzZmEzNjhiOThlYjI5OTFi
auth(default): sql(jon,127.0.0.1): query: SELECT userid as user,
password FROM users WHERE userid = 'jon'
auth(default): password(jon,127.0.0.1): Credentials:
auth(default): cram-md5(jon,127.0.0.1): password mismatch
auth(default): client out: FAIL      1       user=jon
imap-login: Disconnected: user=<jon>, method=CRAM-MD5, rip=127.0.0.1,
lip=127.0.0.1, secured


The login + password used for those tests are 'jon'/'jonpwd'. In the
second example, I didn't get any Credentials, whereas in the first case
(PLAIN scheme), the Credentials output corresponds to the 'dovecotpw'
generated password (as in `dovecotpw -s HMAC-MD5 -p jonpwd`).
I don't know if it's normal or not.


So, I'm not sure what to do next :/
I use this kind of 'auth mechanism'/'password scheme' on another
computer, with passwd-like files, and it works. So, I don't know why
the same data, coming from another location, doesn't work.


Any help would be greatly appreciated!
Thanks,

  -- Jonathan
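
Added example, not part of the original post and not Dovecot code: a small Python check that decodes the CRAM-MD5 challenge and response from the auth debug lines above and recomputes the RFC 2195 digest for a candidate password, so the client side of the exchange can be verified separately from what the SQL lookup returns. The function names are hypothetical, and the sample input is the two CONT lines of the first log with the mail-wrapped lines rejoined.

```python
import base64
import hashlib
import hmac
import re

# Constructed input: CONT lines from the first log in the post, rejoined.
LOG = """\
auth(default): client out: CONT      1       PDU3NTgxMTE5MTcwMTYzNjguMTE1ODAxMTQzN0BkZWI2ND4=
auth(default): client in: CONT       1       am9uIDJjN2RmMDVmZWZiNWU4MmE0MzFkMjM2YThhYzc2MDAx
"""

CONT = re.compile(r"client (out|in): CONT\s+\d+\s+(\S+)")


def parse_exchange(log):
    """Return (challenge_bytes, username, digest_hex) from auth debug lines."""
    challenge = response = None
    for direction, b64 in CONT.findall(log):
        data = base64.b64decode(b64)
        if direction == "out":      # server -> client: the challenge
            challenge = data
        else:                       # client -> server: "user hexdigest"
            response = data
    if challenge is None or response is None:
        raise ValueError("log does not contain a complete CRAM-MD5 exchange")
    # The digest is the last space-separated token; usernames may contain spaces.
    user, _, digest = response.decode("utf-8").rpartition(" ")
    return challenge, user, digest


def expected_digest(password, challenge):
    """RFC 2195: HMAC-MD5 keyed with the password over the raw challenge."""
    return hmac.new(password.encode("utf-8"), challenge, hashlib.md5).hexdigest()


def response_matches(password, challenge, digest):
    """Constant-time comparison of the recomputed digest with the logged one."""
    return hmac.compare_digest(expected_digest(password, challenge), digest.lower())


if __name__ == "__main__":
    challenge, user, digest = parse_exchange(LOG)
    print("challenge:", challenge.decode())
    print("user:", user, "digest:", digest)
    # 'jonpwd' is the test password stated in the post.
    print("matches 'jonpwd':", response_matches("jonpwd", challenge, digest))
```

Running the same check on the CONT lines of the failing log shows whether the client's response is valid for the password, which narrows a "password mismatch" to either the client or the stored credential.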

