[Dovecot] Dovecot CRAM-MD5 & DIGEST-MD5

Proskurin Kirill k.proskurin at fxclub.org
Tue Jul 8 18:39:38 EEST 2008


Hello all.

I'm trying to set up SMTP Auth using Dovecot SASL.
I use swaks for tests.

I store users in LDAP.
As I understand it, for CRAM & DIGEST MD5 we need to store the password in
clear text?... OK.

mail: admin3 at domain.off
userPassword: 123 <- Clear text


What I do:


%swaks -a CRAM-MD5 -au admin3 at domain.off -ap 123
To: admin3 at domain.off
=== Trying mx.domain.off:25...
=== Connected to mx.domain.off.
<-  220 mx.domain.off ESMTP Exim 4.69 Tue, 08 Jul 2008 19:14:24 +0000
  -> EHLO mx.domain.off
<-  250-mx.domain.off Hello mx.domain.off [172.16.1.19]
<-  250-SIZE 13631488
<-  250-PIPELINING
<-  250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5
<-  250-STARTTLS
<-  250 HELP
  -> AUTH CRAM-MD5
<-  334 PDM4ODYwNTQ1MjEzMTA3NDEuMTIxNTU0NDQ2NEBteC5kb21haW4ub2ZmPg==
  -> YWRtaW4zQGRvbWFpbi5vZmYgMGJlYzIzOTA5Zjg4OTc3MDdkYTJmZmNmOTEzMDBhMmM=
<** 535 Incorrect authentication data
*** No authentication type succeeded
  -> QUIT
<-  221 mx.domain.off closing connection
=== Connection closed with remote host.


Exim says:

SMTP<< AUTH CRAM-MD5
  9657 dovecot authentication
  9657 AUTH      12      CRAM-MD5        service=smtp    secured 
rip=172.16.1.19 lip=172.16.1.19 resp=
  9657 received: CONT    12 
PDM0MTMzMjg1NTUyOTE0MjMuMTIxNTU0NDcwMUBteC5kb21haW4ub2ZmPg==
  9657 SMTP>> 334 
PDM0MTMzMjg1NTUyOTE0MjMuMTIxNTU0NDcwMUBteC5kb21haW4ub2ZmPg==
  9657 received: FAIL    12      user=admin3 at domain.off
  9657 SMTP>> 535 Incorrect authentication data
  9657   auth_cram_md5 authenticator failed for mx.domain.off 
[172.16.1.19] I=[172.16.1.19]:26: 535 Incorrect authentication data 
(set_id=admin3 at domain.off)
  9657 SMTP<< QUIT


Dovecot logs:

Info: auth(default): new auth connection: pid=9713
Info: auth(default): client in: AUTH   11      CRAM-MD5 
service=smtp    secured rip=172.16.1.19 lip=172.16.1.19 resp=<hidden>
Info: auth(default): client out: CONT  11 
PDU5MjUzNjc0Mjg1NDAyNjUuMTIxNTU0NDkyN0BteC5kb21haW4ub2ZmPg==
Info: auth(default): client in: CONT<hidden>
Info: auth(default): ldap(admin3 at domain.off,172.16.1.19): pass search: 
base=dc=Virtual-Domains,dc=DOMAIN scope=subtree 
filter=(&(objectClass=mailUser)(mail=admin3 at domain.off)) 
fields=mail,userPassword
Info: auth(default): ldap(admin3 at domain.off,172.16.1.19): result: 
mail(user)=admin3 at domain.off userPassword(password)=<hidden>
Error: auth(default): password(admin3 at domain.off,172.16.1.19): Invalid 
password format for scheme CRAM-MD5
Info: auth(default): client out: FAIL  11      user=admin3 at domain.off

---
password(admin3 at domain.off,172.16.1.19): Invalid password format for 
scheme CRAM-MD5

Hm... as I see it, something is wrong in my dovecot-ldap.conf?
The main idea of it is mail = user, userPassword = password.


dovecot-ldap.conf:

hosts = 127.0.0.1
dn = uid=Dovecot,ou=System-Users,dc=DOMAIN
dnpass = 123
debug_level = 0
ldap_version = 3
base = dc=Virtual-Domains,dc=DOMAIN
deref = never
scope = subtree
user_attrs =
user_filter = (&(objectClass=mailUser)(mail=%u))
pass_attrs = mail=user,userPassword=password
pass_filter = (&(objectClass=mailUser)(mail=%u))
default_pass_scheme = CRAM-MD5


Dovecot logs with debug_level=1 are in the attachment.


Help me please - I'm running out of ideas. :-(

-- 
Best regards,
Proskurin Kirill
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: debug.txt
Url: http://dovecot.org/pipermail/dovecot/attachments/20080708/944ad1a1/attachment.txt 
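
Added example (not part of the original post, and not Dovecot, Exim or swaks code): decoding the CRAM-MD5 exchange from the swaks transcript above and recomputing the client's digest per RFC 2195, which separates a wrong client response from a server-side credential lookup problem. The function names are hypothetical; the two base64 strings are copied from the transcript.

```python
import base64
import hashlib
import hmac
import re

# Both strings are copied from the swaks transcript in the post above.
CHALLENGE_B64 = "PDM4ODYwNTQ1MjEzMTA3NDEuMTIxNTU0NDQ2NEBteC5kb21haW4ub2ZmPg=="
RESPONSE_B64 = "YWRtaW4zQGRvbWFpbi5vZmYgMGJlYzIzOTA5Zjg4OTc3MDdkYTJmZmNmOTEzMDBhMmM="


def parse_response(response_b64):
    """Split a base64 CRAM-MD5 response into (username, lowercase hex digest)."""
    decoded = base64.b64decode(response_b64, validate=True).decode("utf-8")
    # The digest is the last space-separated token, so split from the right.
    username, sep, digest = decoded.rpartition(" ")
    if not sep or not re.fullmatch(r"[0-9a-fA-F]{32}", digest):
        raise ValueError("not a CRAM-MD5 response")
    return username, digest.lower()


def expected_digest(challenge_b64, secret):
    """HMAC-MD5 keyed with the shared secret over the decoded challenge."""
    challenge = base64.b64decode(challenge_b64, validate=True)
    return hmac.new(secret.encode("utf-8"), challenge, hashlib.md5).hexdigest()


def verify(challenge_b64, response_b64, secret):
    """Recompute the digest as the server would and compare in constant time.

    The server needs the shared secret (or an equivalent derived from it),
    which is why a one-way password hash cannot be used with this mechanism.
    """
    _, digest = parse_response(response_b64)
    return hmac.compare_digest(digest, expected_digest(challenge_b64, secret))


if __name__ == "__main__":
    print("challenge:", base64.b64decode(CHALLENGE_B64).decode())
    print("response :", parse_response(RESPONSE_B64))
    # "123" is the password passed to swaks with -ap in the transcript.
    print("digest matches '123':", verify(CHALLENGE_B64, RESPONSE_B64, "123"))
```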

