[Dovecot] (no subject)
Axel Luttgens
AxelLuttgens at swing.be
Sun Jul 7 16:10:55 EEST 2013
Le 7 juil. 2013 à 11:47, Dotan Cohen a écrit :
> [...]
> $ /usr/bin/doveadm pw -u user at someDomain.com -s DIGEST-MD5
> Enter new password: # Here I have typed "12345"
> Retype new password: # Here I have typed "12345"
> {DIGEST-MD5}f4e442b0dec5009eaa8b9b4104923edc
> $ printf "12345" | md5sum
> 827ccb0eea8a706c4c34a16891f84e7b -
> $
Hello Dotan,
Note that md5sum calculates a hash similar to the one used by dovecot's MD5-PLAIN scheme:
$ doveadm pw -s PLAIN-MD5 -p 12345
{PLAIN-MD5}827ccb0eea8a706c4c34a16891f84e7b
> Shouldn't that password match the md5sum check?
As a result: no... ;-)
> [...]
> $ telnet mail.someDomain.com 143
> Trying x.x.x.x...
> Connected to mail.someDomain.com.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> IDLE AUTH=PLAIN] Dovecot ready.
> a login user 12345
> [...]
I doubt this is a valid attempt:
- unless I'm wrong, the command should be authenticate (not login)
- the server doesn't seem to be configured for making use of digest-md5
You may find an example of such an authentication near the end of http://tools.ietf.org/html/rfc2831.
You might also have a look at http://wiki2.dovecot.org/Authentication/Mechanisms/DigestMD5.
HTH,
Axel
More information about the dovecot
mailing list