[Dovecot] Postfix/mysql/dovecot - Understanding password encryption

[Robert Moskowitz]

On 12/24/2012 04:26 PM, Robert Moskowitz wrote:
> I am switching from a fedora/postfix/mysql/couriermail/squirrelmail to 
> Centos/.../dovecot/roundcubemail and adding postfixadmin to the mix.
>
> My tutorial before was an earlier version (on F14) of:
>
> http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-centos-6.2-x86_64 
>
>
> Now I am using
>
> http://www.campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServer 
>
>
> to get me started.  I am up to roundcubemail setup and am stumbling to 
> understand what the author here is doing with encrypted passwords, so 
> felt it was time to delve deeper into this.
>
> My old setup uses mysql-crypt for the password.
>
> MYSQL_CRYPT_PWFIELD password
>
> and users could be added to the table with:
>
> INSERT INTO `users` (`email`, `password`, `quota`) VALUES 
> ('sales at example.com', ENCRYPT('secret'), 10485760);
>
> But where this was all simple and no choices, I get to figure out what 
> to do with my dovecot setup.
>
> Some of the 'secret' is hinted at in postfixadmin's config.inc.php:
>
> // Encrypt
> // In what way do you want the passwords to be crypted?
> // md5crypt = internal postfix admin md5
> // md5 = md5 sum of the password
> // system = whatever you have set as your PHP system default
> // cleartext = clear text passwords (ouch!)
> // mysql_encrypt = useful for PAM integration
> // authlib = support for courier-authlib style passwords
> // dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: 
> dovecot:CRAM-MD5
> $CONF['encrypt'] = 'md5crypt';
>
> Where is there information on the different choices and how to choose.
>
> Is it as 'simple' as setting up postfixadmin to control the password 
> encryption format then 'inform' dovecot in the dovecot-mysql.conf with
>
> default_pass_scheme = MD5-CRYPT
>

Oh, the dovecot.conf has the line:

auth_mechanisms = plain login

Which adds to my confusion.