[Dovecot] 1.0rc7 - dumb question

Odhiambo WASHINGTON odhiambo.raburu at wananchi.com
Thu Sep 14 23:52:44 EEST 2006


* On 14/09/06 21:20 +0200, Anand Buddhdev wrote:
| On Thursday 14 September 2006 21:13, Odhiambo WASHINGTON wrote:
| 
| Hi Wash,
| 
| > Hi John,
| >
| > Let me understand this correctly.
| >
| > You're saying IMAPS will work with a setting such as below??
| >
| >   auth default {
| >   mechanisms = digest-md5
| >   passdb pam {
| >        args = *
| >              }
| >   userdb passwd {
| >        args = /etc/master.passwd
| >              }
| >
| > If yes, then I am inclined to ask why POP3S would not work with the
| > same.
| >
| > Sorry, questions still dumb ;)
| 
| The above can't work (for POP or IMAP). For the DIGEST-MD5 auth 
| mechanism to work, Dovecot needs access to the plain text password. 
| However, the password is stored in an encrypted form 
| in /etc/master.passwd. With encrypted password in /etc/master.passwd, 
| you can only use the PLAIN mechanism.
| 
| What John was saying is that since the password has to be transmitted in 
| the clear for PLAIN, it's better to use transport-level security, ie. 
| IMAPS and POP3S.

Hi Anand,

Thank you very much for the clarification.

I have a setup where I have both the cleartext password and 
encrypted (md5 hash) password in a mysql database.
In this situation it would be possible to use digest-md5, yes?
But this would mean that any user not using secure authentication will fail
to authenticate or is it possible to configure dovecot to start with
a secure auth mechanism, but fall back to some none secure mechanism
in case the default one fails (although it's stupid to do this)?



-Wash

http://www.netmeister.org/news/learn2quote.html

DISCLAIMER: See http://www.wananchi.com/bms/terms.php

--
+======================================================================+
    |\      _,,,---,,_     | Odhiambo Washington    <wash at wananchi.com>
Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_)     | GSM: +254 722 743223   +254 733 744121
+======================================================================+

According to the obituary notices, a mean and unimportant person never
dies.


More information about the dovecot mailing list