Fatal: Unknown scheme: SHA512-CRYPT. On a Mac-mini

Edgar Pettijohn III edgar at pettijohn-web.com
Fri May 1 23:28:39 UTC 2015 

On May 1, 2015, at 6:28 AM, Robert Chalmers wrote:

> Running postfix+dovecot+mysql on a mac-mini, and trying to solve this
> puzzle. Is this a Mac issue?, a MySQL issue? or something I haven't
> configured in?
> 
> You can see from the output of the samples shows in the first case, that
> SHA512-CRYPT seems to be Unknown.
> The code I used is from a Linux based tutorial on setting up
> Postfix+Dovecot+MySQL on a site. Everything is generally going ok, apart
> from this bit. There are some others unknown as well. The codes used to
> create my database of passwords follows these output examples.
> 
> 
> 
>    MacMini:~ robert$ sudo doveadm pw -s SHA512-CRYPT -p 123456
>    Fatal: Unknown scheme: SHA512-CRYPT
>    MacMini:~ robert$ sudo doveadm pw -s SHA512 -p 123456
> 
> {SHA512}ujJTh2rta8ItSm/1PYQGxq2GQZXtFEq1yHYhtsIztUi66uaVbfNG7IwX9eoQ817jy8UUeX7X3dMUVGTioLq0Ew==
>    MacMini:~ robert$ sudo doveadm pw -s SHA256 -p 123456
>    {SHA256}jZae727K08KaOmKSgOaGzww/XVqGr/PKEgIMkjrcbJI=
>    MacMini:~ robert$ sudo doveadm pw -s MD5 -p 123456
>    {MD5}$1$.mAQzPhO$6v/WxTUt.Y1lhopkMarEb0
>    MacMini:~ robert$ sudo doveadm pw -s MD5-CRYPT -p 123456
>    {MD5-CRYPT}$1$gNkYwx/o$3nQLmUIPOBmZdR/e/EXFV1
>    MacMini:~ robert$ sudo doveadm pw -s BLF-CRYPT -p 123456
>    Fatal: Unknown scheme: BLF-CRYPT
>    MacMini:~ robert$ sudo doveadm pw -s SHA512 -p 1pass66U!
> 
> {SHA512}EuuO6BAt+bgzXIOw7XIdiVBFwdEZ2tGqHOJ/DSTSkD+ikw7GQQo+KtHSta7p3KNv2AEVKtfOuyl5UeCEqnKogg==
>    MacMini:~ robert$ sudo doveadm pw -s SHA256-CRYPT -p 1pass66U!
>    Fatal: Unknown scheme: SHA256-CRYPT
>    MacMini:~ robert$ mysql --version
>    mysql  Ver 14.14 Distrib 5.6.19, for osx10.9 (x86_64) using  EditLine
> wrapper
>    MacMini:~ robert$ cd
> 
> 

Above you show {SHA512}"lots of stuff"

then the error is Unknown scheme: SHA256-CRYPT

I would say something is wrong with the passwd lookup.  Probably with your data in mysql.

Perhaps this link will help http://dev.mysql.com/doc/mysql-security-excerpt/5.6/en/sha256-authentication-plugin.html

> 
> My MySQL Version:
> 
>    mysql  Ver 14.14 Distrib 5.6.19, for osx10.9 (x86_64) using  EditLine
> wrapper
> 
> The MySQL code used to create the user/password table. Which seems to work
> fine, and creates the table as it should - even though the resulting
> password doesn't appear to be quite right for SHA512-CRYPT
> 
>    INSERT INTO `mailserver`.`virtual_users`
>      (`id`, `domain_id`, `password` , `email`)
>    VALUES
>      ('1', '1', ENCRYPT('firstpassword', CONCAT('$6$',
> SUBSTRING(SHA(RAND()), -16))), 'email1 at example.com'),
>      ('2', '1', ENCRYPT('secondpassword', CONCAT('$6$',
> SUBSTRING(SHA(RAND()), -16))), 'email2 at example.com');
> 
> 
> What it actually creates is this: This is not a SHA512-CRYPT password??
> 
>    mysql> SELECT * FROM mailserver.virtual_users;
> 
>    3 |         1 | $6jxK9DWPBrAc | robert at zeus.example.com
> 
> 
> Just to be clear,. this is the section of the Dovecot configs that deals
> with handling this. BUT.. On the MAC-Mini, SHA512-CrYPT is unknown.
> 
>    # List of supported schemes is in
>    # http://wiki2.dovecot.org/Authentication/PasswordSchemes
>    #
>    default_pass_scheme = SHA512-CRYPT
> 
> 
> So the question is, what Encryption should I be using, and is this an Apple
> thing, or a MySQL thing?

More information about the dovecot mailing list