Hello,
I have a working installation of Dovecot, which use passwd-file for both users
and passwords databases. My setup uses CRAM-MD5 for the authentification
mechanism and the password in my passwd-file was stored encoded with HMAC-MD5.
Now, I want to use Postgresql to replace those passwd-files. So I make the
necessary change in my dovecot.conf file :
========================================userdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
passdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
========================================
In the dovecot-sql.conf file, I comment out the simplest query, and change the
default_pass_scheme to HMAC-MD5 (as in my previous setup).
I put my users from the passwd-file into my database, with the same user id, and
the same password (starting with {HMAC-MD5}) ...
... but it fails :( The log file says to me :
=========dovecot: 2006-08-14 15:36:12 Info: auth(default): cram-md5(jon,xxx):
password
mismatch
=========
I tried several other password schemes (DIGEST-MD5, PLAIN-MD5, PLAIN), but only
PLAIN seems to work (of course, I changed the password in the database
accordingly).
The documentation isn't very clear about this (or I don't find it ?) :
- in an "old" auth.txt, it is written that only PLAIN is supported,
but I don't
knwo if I can trust it ?
- I've got an old dovecot-pgsql.conf (2004, maybe from dovecot 0.9x ?),
which
said that supported scheme are "PLAIN, PLAIN-MD5, DIGEST-MD5, and
CRYPT"
So, what I am doing wrong ? And what is correct (or not) in my previous search ?
Regards,
-- Jonathan
On Mon, 2006-08-14 at 13:48 +0000, Jonathan Ballet wrote:> In the dovecot-sql.conf file, I comment out the simplest query, and change the > default_pass_scheme to HMAC-MD5 (as in my previous setup). > I put my users from the passwd-file into my database, with the same user id, and > the same password (starting with {HMAC-MD5}) ...default_pass_scheme doesn't really matter if your passwords start with {HMAC-MD5} but it doesn't hurt either..> dovecot: 2006-08-14 15:36:12 Info: auth(default): cram-md5(jon,xxx): password > mismatchSet auth_debug_passwords=yes and see what it shows? I guess it's reading the password wrong somehow. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 191 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20060816/edc7915a/attachment.bin>
Timo Sirainen a ?crit :> On Mon, 2006-08-14 at 13:48 +0000, Jonathan Ballet wrote: >> In the dovecot-sql.conf file, I comment out the simplest query, and change the >> default_pass_scheme to HMAC-MD5 (as in my previous setup). >> I put my users from the passwd-file into my database, with the same user id, and >> the same password (starting with {HMAC-MD5}) ... > > default_pass_scheme doesn't really matter if your passwords start with > {HMAC-MD5} but it doesn't hurt either..That's what I thought, but I wanted to be sure.>> dovecot: 2006-08-14 15:36:12 Info: auth(default): cram-md5(jon,xxx): password >> mismatch > > Set auth_debug_passwords=yes and see what it shows? I guess it's reading > the password wrong somehow.I tried this too. It give me two new lines : auth(default): client out: CONT 1 PDk2NTIzNjgzNjk [...] auth(default): client in: CONT 1 am9uIGYwN2EyYzM [...] However, I don't know what to do with it :/ Passwords are clearly not the same. I must be missing something, but I don't know what :( Thanks, -- Jonathan