[Dovecot] Using pgsql with 'cram-md5 auth' and 'hmac-md5 scheme'

Andrey Panin pazke at donpac.ru
Tue Sep 12 11:04:05 EEST 2006


On 255, 09 12, 2006 at 12:13:05AM +0200, Jonathan Ballet wrote:
> Hello,
> 
> I want to use PostgreSQL to store my Dovecot users. I set up a very
> basic configuration, following word for word this page
> http://wiki.dovecot.org/DovecotPostgresql and it works ... almost.
> 
> In fact, it works if I use PLAIN password scheme in my database.
> However, I would like to store them encrypted.
> But, if I replace the password field for my user with {HMAC-MD5}-...
								 /^\
								  |
Is this '-' just a typo? It is not needed here.

> (the password generated by dovecotpw), it doesn't work.
> 
> 
> Here is the log, using PLAIN password scheme (all debug options
> activated):
> ===================================================
> auth(default): client in: AUTH       1       CRAM-MD5
> service=IMAP    secured lip=127.0.0.1   rip=127.0.0.1
> auth(default): client out: CONT      1
> PDU3NTgxMTE5MTcwMTYzNjguMTE1ODAxMTQzN0BkZWI2ND4=
> auth(default): client in: CONT       1
> am9uIDJjN2RmMDVmZWZiNWU4MmE0MzFkMjM2YThhYzc2MDAx
> auth(default): sql(jon,127.0.0.1): query: SELECT userid as user,
> password FROM users WHERE userid = 'jon'
> auth(default): password(jon,127.0.0.1): Credentials:
> 3fd9989457cb3edf1fb8d31dddaf11f3f0efee3423aeb9ebf9bbe981f86a079b
> auth(default): client out: OK        1       user=jon
> auth(default): master in: REQUEST    1       23748   1
> auth(default): sql(jon,127.0.0.1): SELECT home, uid, gid FROM users
> WHERE userid = 'jon'
> auth(default): master out: USER      1       jon
> home=/var/mail/jon/     uid=5000        gid=5000
> IMAP(jon): Effective uid=5000, gid=5000
> IMAP(jon): maildir: data=/var/mail/jon
> IMAP(jon): maildir:root=/var/mail/jon, index=/var/mail/jon, control=,
> inbox=
> imap-login: Login: user=<jon>, method=CRAM-MD5, rip=127.0.0.1,
> lip=127.0.0.1, secured
> IMAP(jon): Disconnected: Logged out
> 
> 
> 
> And here is the log, using HMAC-MD5 password scheme (all debug options
> activated too):
> =====================================================
> auth(default): client in: AUTH       1       CRAM-MD5
> service=IMAP    secured lip=127.0.0.1   rip=127.0.0.1
> auth(default): client out: CONT      1
> PDI0MDc4NTQzMDc5NjU2NTIuMTE1ODAxMTkxNUBkZWI2ND4=
> auth(default): client in: CONT       1
> am9uIDViNmE4NDI5ZjUzZTQ3YTEzZmEzNjhiOThlYjI5OTFi
> auth(default): sql(jon,127.0.0.1): query: SELECT userid as user,
> password FROM users WHERE userid = 'jon'
> auth(default): password(jon,127.0.0.1): Credentials:
> auth(default): cram-md5(jon,127.0.0.1): password mismatch
> auth(default): client out: FAIL      1       user=jon
> imap-login: Disconnected: user=<jon>, method=CRAM-MD5, rip=127.0.0.1,
> lip=127.0.0.1, secured
> 
> 
> The login + password used for those tests are 'jon'/'jonpwd'. In the
> second example, I didn't get any Credentials, whereas in the first case
> (PLAIN scheme), the Credentials output corresponds to the 'dovecotpw'
> generated password (as in `dovecotpw -s HMAC-MD5 -p jonpwd`).
> I don't know if it's normal or not.
> 
> 
> So, I'm not sure what to do next :/
> I use this kind of 'auth mechanism'/'password scheme' on another
> computer, with passwd-like files, and it works. So, I don't know why
> the same data, coming from another location, doesn't work.
> 
> 
> Any help would be greatly appreciated!
> Thanks,
> 
>   -- Jonathan
> 

-- 
Andrey Panin		| Linux and UNIX system administrator
pazke at donpac.ru		| PGP key: wwwkeys.pgp.net
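
The base64 "client out: CONT" / "client in: CONT" lines in the quoted debug logs are the CRAM-MD5 challenge and response, and can be decoded and checked offline when troubleshooting a "password mismatch". The following is an added example, not part of the original message and not Dovecot's code; it follows RFC 2195, and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import re

# Base64 lines copied from the first (PLAIN scheme) debug log above.
LOG_CHALLENGE_B64 = "PDU3NTgxMTE5MTcwMTYzNjguMTE1ODAxMTQzN0BkZWI2ND4="
LOG_RESPONSE_B64 = "am9uIDJjN2RmMDVmZWZiNWU4MmE0MzFkMjM2YThhYzc2MDAx"


def decode_challenge(challenge_b64):
    """Return the server challenge ("client out: CONT") as bytes."""
    return base64.b64decode(challenge_b64, validate=True)


def parse_response(response_b64):
    """Split the client response ("client in: CONT") into (user, hex digest)."""
    text = base64.b64decode(response_b64, validate=True).decode("utf-8")
    # The digest is the last space-separated token, so split from the right.
    user, sep, digest = text.rpartition(" ")
    if not sep or not re.fullmatch(r"[0-9a-fA-F]{32}", digest):
        raise ValueError("not a CRAM-MD5 response: expected '<user> <32 hex>'")
    return user, digest.lower()


def expected_digest(password, challenge_b64):
    """HMAC-MD5 keyed with the password over the raw challenge (RFC 2195)."""
    challenge = decode_challenge(challenge_b64)
    return hmac.new(password.encode("utf-8"), challenge, hashlib.md5).hexdigest()


def response_matches(password, challenge_b64, response_b64):
    """True if the logged response was computed from this password."""
    _, digest = parse_response(response_b64)
    return hmac.compare_digest(expected_digest(password, challenge_b64), digest)


if __name__ == "__main__":
    print("challenge:", decode_challenge(LOG_CHALLENGE_B64).decode())
    print("response: ", parse_response(LOG_RESPONSE_B64))
    # 'jonpwd' is the test password quoted in the message.
    print("matches 'jonpwd':",
          response_matches("jonpwd", LOG_CHALLENGE_B64, LOG_RESPONSE_B64))
```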