[Dovecot] dovecot.conf: mechanisms = plain login cram-md5 | Windows Live Mail: CRAM-MD5 authentication failed. This could (NOT) be due to a lack of memory on your system
Jerrale G
jerrale at sheltoncomputers.com
Sun Aug 8 07:39:55 EEST 2010
On 8/7/2010 11:38 PM, Gary V wrote:
> On 8/7/10, Jerrale G wrote:
>
>> /etc/dovecot.conf:
>>
>> auth default {
>> mechanisms=plain login cram-md5
>> passdb {
>> #..............
>>
>> Windows Live Mail:
>> CRAM-MD5 authentication failed. This could be due to a lack of memory on
>> your system.
>> Your IMAP command could not be sent to the server, due to non-network
>> errors. This could, for example, indicate a lack of memory on your system.
>>
>> Configuration:
>> Account: Sheltoncomputers (testuser)
>> Server: mail.sheltoncomputers.com
>> User name: testuser at sheltoncomputers.com
>> Protocol: IMAP
>> Port: 993
>> Secure(SSL): 1
>> Code: 800cccdf
>>
>> The console I'm using is 4 GB ram; so, this dumb error of windoze dead mail
>> is irrelevant. The other mechanisms of TLS/no tls plain login work fine. The
>> passwords are stored in mysql as md5(password) but this works on others not
>> using cram-md5 (secure login of the client). I'm trying to support a
>> plethora of mechanisms for the convenience of the customer and .
>>
>> Jerrale G.
>> Senior Admin
>>
>>
> I'm no expert, but if I'm not mistaken, cram-md5 requires a plain text
> shared secret. I quote from
> http://www.sendmail.org/~ca/email/cyrus2/components.html:
>
> "Shared Secret Mechanisms - For these mechanisms, such as CRAM-MD5,
> DIGEST-MD5, and SRP, there is a shared secret between the server and
> client (e.g. a password). However, in this case the password itself
> does not travel on the wire. Instead, the client passes a server a
> token that proves that it knows the secret (without actually sending
> the secret across the wire). For these mechanisms, the server
> generally needs a plaintext equivalent of the secret to be in local
> storage (not true for SRP)."
>
> The auth default section of my dovecot.conf looks like:
>
> auth default {
> mechanisms = plain login cram-md5
> passdb sql {
> args = /etc/dovecot/dovecot-sql.conf
> }
> passdb sql {
> args = /etc/dovecot/dovecot-crammd5.conf
> }
> userdb sql {
> args = /etc/dovecot/dovecot-sql.conf
> }
> user = root
> socket listen {
> master {
> path = /var/run/dovecot/auth-master
> mode = 0600
> user = vmail
> }
> client {
> path = /var/spool/postfix/private/auth
> mode = 0660
> user = postfix
> group = postfix
> }
> }
> }
>
>
> With an /etc/dovecot/dovecot-crammd5.conf that might look something like this:
>
> driver = mysql
> connect = host=127.0.0.1 dbname=postfix user=postfix password=password
> default_pass_scheme = PLAIN
> password_query = SELECT clear AS password FROM mailbox WHERE username
> = '%u' AND active = '1'
>
> With an added field to store a plain text password (I called it "clear").
>
>
I guess I was just wondering how I had the md5 in mysql working and I'm
aware of the salt sometimes required for md5 but only digest-md5. I
realized I had guessed correctly on initial setup to have, in
mysql.conf, default_pass_scheme = MD5 ; I incorrectly thought cram-md5
had to be as one of the auth default mechanisms to read md5 from mysql
correctly.
I guess I need to create a new "auth crammd5 {}" and setup mysql to have
the current password field to bet a function of the new clear field,
automatically creating the md5 from the clear password field. I will use
default_password_scheme=CLEAR, fetch from the clear, and setup
dovecot.conf auth crammd5 with the settings you suggested.
Thanks,
J. G.
More information about the dovecot
mailing list