Yubao Liu
2012-Jan-05 18:23 UTC
[Dovecot] Strange error: DIGEST-MD5 mechanism can't be supported with given passdbs
Hi all,
I have no idea about that message, here is my configuration, what's wrong?
Debian testing, Dovecot 2.0.15
$ doveconf -n
# 2.0.15: /etc/dovecot/dovecot.conf
# OS: Linux 3.1.0-1-686-pae i686 Debian wheezy/sid
auth_default_realm = corp.example.com
auth_krb5_keytab = /etc/dovecot.keytab
auth_master_user_separator = *
auth_mechanisms = gssapi digest-md5
auth_realms = corp.example.com
auth_username_format = %n
first_valid_gid = 1000
first_valid_uid = 1000
mail_location = mdbox:/srv/mail/%u/Mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave
passdb {
args = /etc/dovecot/master-users
driver = passwd-file
master = yes
pass = yes
}
passdb {
driver = pam
}
plugin {
sieve = /srv/mail/%u/.dovecot.sieve
sieve_dir = /srv/mail/%u/sieve
}
protocols = " imap lmtp sieve"
service auth {
unix_listener auth-client {
group = Debian-exim
mode = 0660
}
}
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
args = home=/srv/mail/%u
driver = passwd
}
protocol lmtp {
mail_plugins = " sieve"
}
protocol lda {
mail_plugins = " sieve"
}
# cat /etc/dovecot/master-users
xxx at corp.example.com:zzzzzzzz
The zzzzz is obtained by "doveadm pw -s digest-md5 -u xxx at
corp.example.com",
I tried to add prefix "{DIGEST-MD5}" before the generated hash and/or
add
"scheme=DIGEST-MD5" to the passwd-file passdb's "args"
option, both
don't help.
The error message:
dovecot: master: Dovecot v2.0.15 starting up (core dumps disabled)
dovecot: auth: Fatal: DIGEST-MD5 mechanism can't be supported with given
passdbs
gold dovecot: master: Error: service(auth): command startup failed,
throttling
I opened debug auth log, it showed dovecot read /etc/dovecot/master-users
and parsed one line, then the error occurred. Doesn't passwd-file
passdb support
digest-md5 password scheme? If it doesn't support, how do I configure
digest-md5 auth
mechanism with digest-md5 password scheme for virtual users?
Regards,
Yubao Liu
Nick Rosier
2012-Jan-06 10:52 UTC
[Dovecot] Strange error: DIGEST-MD5 mechanism can't be supported with given passdbs
Yubao Liu wrote:> Hi all, > > I have no idea about that message, here is my configuration, what's wrong?You have 2 passdb entries; 1 with a file and 1 with pam. I'm pretty sure PAM doesn't support DIGEST-MD5 authentication. Could be the cause of the problem.> Debian testing, Dovecot 2.0.15 > > $ doveconf -n > # 2.0.15: /etc/dovecot/dovecot.conf > # OS: Linux 3.1.0-1-686-pae i686 Debian wheezy/sid > auth_default_realm = corp.example.com > auth_krb5_keytab = /etc/dovecot.keytab > auth_master_user_separator = * > auth_mechanisms = gssapi digest-md5 > auth_realms = corp.example.com > auth_username_format = %n > first_valid_gid = 1000 > first_valid_uid = 1000 > mail_location = mdbox:/srv/mail/%u/Mail > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date ihave > passdb { > args = /etc/dovecot/master-users > driver = passwd-file > master = yes > pass = yes > } > passdb { > driver = pam > } > plugin { > sieve = /srv/mail/%u/.dovecot.sieve > sieve_dir = /srv/mail/%u/sieve > } > protocols = " imap lmtp sieve" > service auth { > unix_listener auth-client { > group = Debian-exim > mode = 0660 > } > } > ssl_cert = </etc/ssl/certs/dovecot.pem > ssl_key = </etc/ssl/private/dovecot.pem > userdb { > args = home=/srv/mail/%u > driver = passwd > } > protocol lmtp { > mail_plugins = " sieve" > } > protocol lda { > mail_plugins = " sieve" > } > > # cat /etc/dovecot/master-users > xxx at corp.example.com:zzzzzzzz > > The zzzzz is obtained by "doveadm pw -s digest-md5 -u > xxx at corp.example.com", > I tried to add prefix "{DIGEST-MD5}" before the generated hash and/or add > "scheme=DIGEST-MD5" to the passwd-file passdb's "args" option, both > don't help. > > The error message: > dovecot: master: Dovecot v2.0.15 starting up (core dumps disabled) > dovecot: auth: Fatal: DIGEST-MD5 mechanism can't be supported with given > passdbs > gold dovecot: master: Error: service(auth): command startup failed, > throttling > > I opened debug auth log, it showed dovecot read /etc/dovecot/master-users > and parsed one line, then the error occurred. Doesn't passwd-file > passdb support > digest-md5 password scheme? If it doesn't support, how do I configure > digest-md5 auth > mechanism with digest-md5 password scheme for virtual users? > > Regards, > Yubao Liu >Rgds, N.