Authentication Problem
Odhiambo Washington
odhiambo at gmail.com
Thu Dec 20 14:10:51 EET 2018
You've made this more difficult to understand, even :-)
So the answer is:
Set the following in 10-auth.conf
1. disable_plaintext_auth = no
2. auth_mechanisms = plain
And yes, the encrypted passwords are stored in MySQL.
On Thu, 20 Dec 2018 at 13:36, Nikolai Lusan <nikolai at lusan.id.au> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Greetings
> On Thu, 2018-12-20 at 12:20 +0300, Odhiambo Washington wrote:
> > I am using SHA512-CRYPT scheme for passwords.
>
> Yeah, there is a reason MD5 has been preferred to crypt for a very long
> time now, and the SHA512 isn't really any better.
>
>
> > In my dovecot-sql.conf.ext, I have: default_pass_scheme = CRYPT
> >
> > In 10-auth.conf, I have:
> > auth_mechanisms = plain login digest-md5
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > M$ Outlook is refusing to authenticate, with error: Requested DIGEST-MD5
> > scheme, but we have only CRYPT
> > What an I missing??
>
>
> You are not advertising 3 possible auth methods, I am assuming that plain
> will use the SQL extension. Unless you are going to setup a digest-md5
> method I would remove it from the advertised methods as most clients will
> default to a digest method before selecting plain. Unless you control all
> the clients and can configure them to only use the plain method of auth (I
> would also be ensuring that you have TLS enforced in some way for this)
> then removal of the digest method is probably the best fix.
>
> If the plain and/or login methods are failing check your sql config
> includes the passdb and userdb sections.
>
>
> - --
> Nikolai Lusan <nikolai at lusan.id.au>
> -----BEGIN PGP SIGNATURE-----
>
> iQIzBAEBCgAdFiEEVfd4GW6z4nsBxdLo4ZaDRV2VL6QFAlwbcFwACgkQ4ZaDRV2V
> L6T7IxAAjTQQfVngYU92oNfORwIeL6e9YZtvlLfo7V6d2PSgnzJ2Tdzyo2YA4AGy
> eApc9SoJra8IVzanv+s6yl0BJ/EXez/ugdZ5DEUzYTf7b1AVMnUYOKkCi4HeOzzx
> zttLF/Hd5ovwDRB1StNa5c1dsrN5lfwZy/cFwK+zOWwEZDBpYq3/y+IjsbWhCcW1
> DVbrSshOUaFqZwRE7MFPHiwsyNxhiG8cciglgUKf5HdRaiwx5E1Xy9gASxaqrdqg
> GZpGbI7C8sAr92OvTvZlwThSOM6+aSgGIOATRS9S1Lh9x9H14ya1LtOE9XELSQPl
> gDI/HJKBym7D8BsnEPSZ+THRwWGQ6QyACZUN8q5OZMEyzS2AGECnSTYMgv4LjqBZ
> VbAaPZBAkhsuzVoWsd4xKiN9Qv3wQykDsSq6yahqiDzTXbsCA8HPMEQvw3hISttq
> WHdibiBP8cm2/8cz+8PM1+3Q08JMVRqmDLEIQ61gmg8UWhpCPbE3royBkHaj6wOR
> GeK4mG3cwYQu0JsoKDsFr7EvABErVRzrvkiMgnz/ivORkJVVtmxyYmG4t5VIT8FD
> Hq6A/c1VJ/GYLNHNWRFMRfiXIJB7fM6K0NWK1EN34QoHNbwb5qSL+c6t/BZ5BpzK
> c9zkU31FTqtSabUHzNPje6hzHMi5eZLhcH/MCZhD3Xv5+Gwxdug=
> =LQQ1
> -----END PGP SIGNATURE-----
>
>
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20181220/42676fb9/attachment-0001.html>
More information about the dovecot
mailing list