[Dovecot] SSHA512 auth not working
Marcin Czupryniak
martino87rm at gmail.com
Tue Apr 16 04:54:15 EEST 2013
I'm trying to configure SSHA512 passwords and, when testing, discovered
that they were not working as expected.
At first I was using CentOS 6.4, which doesn't have the newest glibc CRYPT
functions ($6$salt$pass), so I had to roll back to the Dovecot format
({SSHA512.HEX}saltedpassword+salt), but I'm unable to get Dovecot to
authenticate properly.
Some logs and details:
Apr 16 02:55:37 auth: Debug: client in: AUTH 1 PLAIN
service=imap lip=xxx rip=xxx lport=143 rport=58171
resp=AGRpbm9AYWJjLml0AGRpbm8=
Apr 16 02:55:37 auth: Debug: sql(dino at abc.it,xxxx): query: SELECT
'{SSHA512.HEX}' || password as password FROM mailboxes WHERE
fullusername='dino at abc.it'
Apr 16 02:55:37 auth: Info: sql(dino at abc.it,xxxx): Password mismatch
(given password: dino)
Apr 16 02:55:37 auth: Error: md5_verify(dino at abc.it): Not a valid
MD5-CRYPT or PLAIN-MD5 password
Apr 16 02:55:37 auth: Warning: Invalid OTP data in passdb
Apr 16 02:55:37 auth: Warning: Invalid OTP data in passdb
Apr 16 02:55:37 auth: Debug: sql(dino at abc.it,xxxx): SSHA512.HEX(dino) !=
'd449914d83c85a786bcde7114b3dfdb24a651c27956388ac641d46eaf40c86e7c95ce2534348730475c8893eab314af189b3a46bf6d76b82cfba119e920813a531e985acd35c47ca8d3cafe50b595b66'
Apr 16 02:55:39 auth: Debug: client out: FAIL 1 user=dino at abc.it
Full password as taken from database:
{SSHA512.HEX}d449914d83c85a786bcde7114b3dfdb24a651c27956388ac641d46eaf40c86e7c95ce2534348730475c8893eab314af189b3a46bf6d76b82cfba119e920813a531e985acd35c47ca8d3cafe50b595b66
The first 128 chars are the salted password, the remaining 32 the salt (hex
UUID representation).
I've checked twice that the generated passwords are correct; in fact, if
you salt the password (dino) you get the exact 128 chars as in the stored
password, but Dovecot compares the full password with the salt (160
chars). Is this correct?
Any ideas?
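An added example, not part of the original post: a diagnostic that splits a {SSHA512.HEX} value into its 64-byte digest and trailing salt and reports which salting construction reproduces the digest. Dovecot's SSHA512 hashes the password followed by the raw salt bytes; the other three candidates are common generator variants. The function names and the sample salt are hypothetical, constructed for illustration.

```python
import hashlib
import hmac

DIGEST_LEN = 64  # SHA-512 output size in bytes

def split_ssha512_hex(stored):
    """Split '{SSHA512.HEX}<hex>' (prefix optional) into (digest, salt) bytes."""
    prefix = "{SSHA512.HEX}"
    if stored.upper().startswith(prefix):
        stored = stored[len(prefix):]
    raw = bytes.fromhex(stored)
    if len(raw) <= DIGEST_LEN:
        raise ValueError("no salt after the 64-byte digest")
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]

def diagnose(password, stored):
    """Return the name of the construction that reproduces the digest, or None."""
    digest, salt = split_ssha512_hex(stored)
    pw = password.encode("utf-8")
    salt_hex = salt.hex().encode("ascii")  # the salt as lowercase hex text
    candidates = [
        ("password + raw salt (Dovecot SSHA512)", pw + salt),
        ("raw salt + password", salt + pw),
        ("password + hex-text salt", pw + salt_hex),
        ("hex-text salt + password", salt_hex + pw),
    ]
    for name, data in candidates:
        # Constant-time comparison, as a real verifier should use.
        if hmac.compare_digest(hashlib.sha512(data).digest(), digest):
            return name
    return None

def make_record(password, salt, prepend=False):
    """Build a constructed test record; prepend=True mimics a salt-first generator."""
    pw = password.encode("utf-8")
    data = salt + pw if prepend else pw + salt
    return "{SSHA512.HEX}" + (hashlib.sha512(data).digest() + salt).hex()

if __name__ == "__main__":
    salt = bytes(range(16))  # constructed 16-byte salt, the size of a UUID
    print(diagnose("dino", make_record("dino", salt)))
    print(diagnose("dino", make_record("dino", salt, prepend=True)))
```

A result other than the first candidate means the stored values were generated in a layout Dovecot's SSHA512 verifier will not accept, even though the digest is internally consistent.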