Matthew Reimer
2003-Nov-17 22:53 UTC
[Dovecot] Problem with DIGEST-MD5 authentication and plainte xt passwords
Maikel Verheijen wrote:> For what it's worth: > > We use postgres userlookups, and use an older version of dovecot (an old > cvs version of around 0.99.9.1), and we DO use digest-md5 password > encryption in the database and realms. It seems to work flawlessly in > our situation, I used kmail, evolution, apple-mail, entourage, outlook, > outlook-express and mutt. > > > Have there been changes in the digest-md5 code since 0.99.9.1 ? > > > Kind regards, > > > Maikel Verheijen > Ladot Nederland BV.The problem is not with passwords that are stored in the db in digest-md5 format (i.e., as an md5 hash of user:realm:password), but with dovecot's password_generate() that takes the username and password and hashes it on the fly. Matt
Maikel Verheijen
2003-Nov-18 07:19 UTC
[Dovecot] Problem with DIGEST-MD5 authentication and plainte xt passwords
Ow, I am sorry, you mean when you actually LOG IN to a machine with digest-md5? My apologies! Maikel. On Nov 17, 2003, at 11:53 PM, Matthew Reimer wrote:> Maikel Verheijen wrote: >> For what it's worth: >> We use postgres userlookups, and use an older version of dovecot (an >> old cvs version of around 0.99.9.1), and we DO use digest-md5 >> password encryption in the database and realms. It seems to work >> flawlessly in our situation, I used kmail, evolution, apple-mail, >> entourage, outlook, outlook-express and mutt. >> Have there been changes in the digest-md5 code since 0.99.9.1 ? >> Kind regards, >> Maikel Verheijen >> Ladot Nederland BV. > > The problem is not with passwords that are stored in the db in > digest-md5 format (i.e., as an md5 hash of user:realm:password), but > with dovecot's password_generate() that takes the username and > password and hashes it on the fly. > > Matt