I'm currently experiencing a problem which has already been described by Jonathan in http://www.dovecot.org/list/dovecot/2006-August/015501.html If I use CRAM-MD5 auth with passwd-file as a backend (Thunderbird client) everything works fine (MD5-hashes have been shortened for readability): dovecot: auth(default): password(bob at foo.bar,10.0.0.123): Credentials: f12c884ba3cc82.. dovecot: imap-login: Login: user=<bob at foo.bar>, method=CRAM-MD5, rip=10.0.0.123, lip=10.0.0.234 My passwd file contains a line like this: bob at foo.bar:{HMAC-MD5}f12c884ba3cc82.. If I change to postgresql-based passdb, PLAIN auth works (!) and CRAM-MD5 does not work: dovecot: auth(default): sql(bob at foo.bar,10.0.0.123): query: SELECT 'bob at foo.bar' AS user, '{HMAC-MD5}f12c884ba3cc82..' AS password dovecot: auth(default): password(bob at foo.bar,10.0.0.123): Credentials: dovecot: auth(default): cram-md5(bob at foo.bar,10.0.0.123): password mismatch Please note the ultra-simple SELECT-statement (I've tried other combinations as well - no success). sql.conf setting is "default_pass_scheme = HMAC-MD5". Dovecot version 1.0.rc10. In the postgresql-based example the "Credentials:" variable is empty. I wonder if this is a bug in dovecot. Please let me know if you need any further information to resolve this issue. Thanks, Chris (As a side not I still do not understand how CRAM-MD5 auth is able to work without a plain text password, but that's another story. If it works with an HMAC-MD5 hash in a passwd-file backend it should work with the postgresql-db backend as well.)
Muahh, I do not want to annoy anyone with my questions, but I'm still stuck with this problem. After hours of reading code and mailing lists I still do not understand why CRAM-MD5 does not work depending on the storage you use for the passdb. This has already been discussed in http://dovecot.org/list/dovecot/2006-September/016051.html http://www.dovecot.org/list/dovecot/2006-August/015501.html but ... no solution :-( It would be really great if someone (Timo?) can drop a few words if a.) this is not possible by principle b.) this is a bug in dovecot's code (and will be fixed soon :-) ) Unfortunately my coding skills are not good enough to completely understand (fix?) the code. Let my know if I can help by other means. Chris On 10/24/06, Chris Laif <chris.laif at googlemail.com> wrote:> I'm currently experiencing a problem which has already been described > by Jonathan in http://www.dovecot.org/list/dovecot/2006-August/015501.html > > If I use CRAM-MD5 auth with passwd-file as a backend (Thunderbird > client) everything works fine (MD5-hashes have been shortened for > readability): > > dovecot: auth(default): password(bob at foo.bar,10.0.0.123): Credentials: > f12c884ba3cc82.. > dovecot: imap-login: Login: user=<bob at foo.bar>, method=CRAM-MD5, > rip=10.0.0.123, lip=10.0.0.234 > > My passwd file contains a line like this: > > bob at foo.bar:{HMAC-MD5}f12c884ba3cc82.. > > If I change to postgresql-based passdb, PLAIN auth works (!) and > CRAM-MD5 does not work: > > dovecot: auth(default): sql(bob at foo.bar,10.0.0.123): query: SELECT > 'bob at foo.bar' AS user, '{HMAC-MD5}f12c884ba3cc82..' AS password > dovecot: auth(default): password(bob at foo.bar,10.0.0.123): Credentials: > dovecot: auth(default): cram-md5(bob at foo.bar,10.0.0.123): password mismatch > > Please note the ultra-simple SELECT-statement (I've tried other > combinations as well - no success). sql.conf setting is > "default_pass_scheme = HMAC-MD5". Dovecot version 1.0.rc10. > > In the postgresql-based example the "Credentials:" variable is empty. > I wonder if this is a bug in dovecot. > > Please let me know if you need any further information to resolve this issue. > > Thanks, > Chris > > (As a side not I still do not understand how CRAM-MD5 auth is able to > work without a plain text password, but that's another story. If it > works with an HMAC-MD5 hash in a passwd-file backend it should work > with the postgresql-db backend as well.) >
Timo Sirainen
2006-Nov-02 21:19 UTC
[Dovecot] CRAM-MD5 auth broken with postgresql passdb?
On Mon, 2006-10-30 at 09:28 +0100, Chris Laif wrote:> Muahh, I do not want to annoy anyone with my questions, but I'm still > stuck with this problem. After hours of reading code and mailing lists > I still do not understand why CRAM-MD5 does not work depending on the > storage you use for the passdb. > > This has already been discussed in > http://dovecot.org/list/dovecot/2006-September/016051.html > http://www.dovecot.org/list/dovecot/2006-August/015501.html > but ... no solution :-( > > It would be really great if someone (Timo?) can drop a few words if > > a.) this is not possible by principle > b.) this is a bug in dovecot's code (and will be fixed soon :-) )I thought this sounded a bit familiar. It was fixed for LDAP a while ago. Fix here: http://dovecot.org/list/dovecot-cvs/2006-November/006661.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://dovecot.org/pipermail/dovecot/attachments/20061102/5520f5cc/attachment.pgp
Possibly Parallel Threads
- Dovecot CRAM-MD5 & DIGEST-MD5
- fts_solr: Lookup failed: 400 Bad Request / GET null null
- fts_solr: Lookup failed: 400 Bad Request / GET null null
- dovecot.conf: mechanisms = plain login cram-md5 | Windows Live Mail: CRAM-MD5 authentication failed. This could (NOT) be due to a lack of memory on your system
- CRAM-MD5