Requested CRAM-MD5 scheme, but we have only CRYPT
Christian Mack
christian.mack at uni-konstanz.de
Thu Dec 2 09:11:45 UTC 2021
Hello
auth_mechanisms are only for encrypting passwords while authenticating.
They have nothing to do with transport encryption aka TLS and STARTTLS.
You only can use CRAM-MD5 when your authentication source provides plain
passwords.
As you use password hashes in your authentication source, you have to
disable it.
Else a client will try to send you the CRAM-MD encrypted password, which
you can not check for validity.
Hope this clears it a bit.
Kind regards,
Christian Mack
On 01.12.21 23:26, absolutely_free at libero.it wrote:
> Hi,
> I wondering if I can simply disable CRAM-MD5 and/or DIGEST-MD5.
> Are they useful in case of SSL or TLS connections?
> Thankyou
>
>> Il 01/12/2021 18:42 Aki Tuomi <aki.tuomi at open-xchange.com> ha scritto:
>>
>>
>> auth_mechanisms = plain login digest-md5 cram-md5
>>
>> You still advertise them though.
>>
>> Aki
--
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung und Lehre
78457 Konstanz
+49 7531 88-4416
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5351 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://dovecot.org/pipermail/dovecot/attachments/20211202/abd3e6a6/attachment.bin>
More information about the dovecot
mailing list