BUG: nopassword doesn't work with CRAM-MD5
Aki Tuomi
aki.tuomi at dovecot.fi
Thu Nov 17 08:19:31 UTC 2016
On 17.11.2016 10:14, Arkadiusz Miśkiewicz wrote:
> Hello.
>
> dovecot 2.2.26.0
>
> When testing nopassword extra field
> (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 dovecot
> doesn't allow any password (while it should) and returns
>
> " Authentication failed"
>
> while in logs:
>
> Nov 17 08:22:34 auth-worker(1551): Info:
> sql(pepe,127.0.0.1,<Y8amDXpBptV/AAAB>): Requested CRAM-MD5 scheme, but we have
> a NULL password
>
> NULL is there because our sql query returns empty password just like wiki says
> "nopassword: you want to allow all passwords, use an empty password and this
> field. "
>
>
> If password is returned in sql query then it fails, too:
>
> Nov 17 09:00:49 auth-worker(2206): Error:
> sql(pepe,127.0.0.1,<eO5vlnpBtNd/AAAB>): nopassword set but password is non-
> empty
>
> So looks to be a bug.
It's not a bug. CRAM-MD5 does in fact require *some* password to work,
you can either store it with doveadm pw -S CRAM-MD5 or as plain text
password.
Aki
More information about the dovecot
mailing list