Need help in understanding auth digest-md5 and realm

Admin Beckspaced admin at beckspaced.com
Fri Oct 27 18:00:13 EEST 2017 

Hello dovecot community,

I've setup dovecot and need a bit help in understanding the auth 
mechanism digest-md5 and realm

in 10-auth.conf I got

auth_mechanisms = plain login digest-md5 cram-md5 apop
#auth_realms =
#auth_default_realm =

So i got empty realms.

Auth normally works fine and clients can auth with mechanism digest-md5 
and I see the following log entries:

dovecot: auth: Debug: 
sql(user at temizbau.de,46.85.229.153,<klUjO3FcTy8uVeWZ>): Generating 
DIGEST-MD5 from user 'user at temizbau.de', password 'xxxx'
dovecot: auth: Debug: 
sql(user at gruene-wiesentheid.de,87.168.26.5,<ISVLQXFcT/xXqBoF>): 
Generating DIGEST-MD5 from user 'user at gruene-wiesentheid.de@', password 
'xxxxxxxxxx'
dovecot: auth: Debug: 
sql(user at vitaler-genuss.de,81.209.203.170,<tzxyT3FcT9RR0cuq>): 
Generating DIGEST-MD5 from user 'user at vitaler-genuss.de', password 
'xxxxxxxxxxx'

But sometimes clients get a password mismatch and I the see the 
following log entries:

dovecot: auth: Debug: 
sql(user at temizbau.de,80.187.103.15,<adzhAnVclmxQu2cP>): Generating 
DIGEST-MD5 from user 'user at temizbau.de@mail.beckspaced.com', password 'xxxx'
dovecot: auth: Debug: 
sql(user at thansadet.com,87.218.86.165,<LWItYHVc6r1X2lal>): Generating 
DIGEST-MD5 from user 'user at thansadet.com@mail.beckspaced.com', password 
'xxxxxxxxxx'
dovecot: auth: Debug: 
sql(user at plaa-thansadetresort.com,110.164.127.146,<aGhcvHBcStJupH+S>): 
Generating DIGEST-MD5 from user 
'user at plaa-thansadetresort.com@imap.beckspaced.com', password 'xxxxxxxxxx'

when there's a password mismatch I see a different user string for 
generating the digest-md5 hash.
i suppose users use a different mail client and the mail client does 
things differently?

How can I fix this password mismatch thing?

Do i just need to set an auth_realms of some random string in the 
10-auth.conifig
Or does the auth_realms need to be a host name? Domain name of some sort?

For the moment I just removed the digest-md5 mechanism ...
Or could I just simply not offer that mechanism?

If someone could shed some light on this I would be more than grateful ;)

Thanks & greetings
Becki

More information about the dovecot mailing list