Hi, my dovecot installation works since months and clients authenticate using CRAM-MD5. But today I got the first chance to test an client that supports DIGEST-MD5 - and it doesn't work. Because of lack of other supporting clients and servers I'm now at the point I don't know which side is to blame. The error I get after the client answers the servers challenge is "-ERR Authentication failed: Missing nonce parameter". Though I don't know how DIGEST-MD5 works I wonder about the message because the clients answer contains a nonce parameter (captured with tcpdump): YXV0aHppZD0ib3RycyIsY2hhcnNldD11dGYtOCxjbm9uY2U9IjFlOTZkYmZiZWEwZjUxNmVhZjEyYmM0NjU1M2JmZjVlIixkaWdlc3QtdXJpPSJwb3AzL25hbm8iLG5jPTAwMDAwMDAxLG5vbmNlPSJPVGpGWmhjS2FIVjZSVGMyZlRDTXJ3PT0iLHFvcD1hdXRoLHJlYWxtPSIiLHJlc3BvbnNlPTVmMTQyZWVlN2FmMWVmYTJhYWI5ZmM0ODNiOGJjOTJhLHVzZXJuYW1lPSJvdHJzIg= authzid="otrs",charset=utf-8,cnonce="1e96dbfbea0f516eaf12bc46553bff5e", digest-uri="pop3/nano",nc=00000001,nonce="OTjFZhcKaHV6RTc2fTCMrw==", qop=auth,realm="",response=5f142eee7af1efa2aab9fc483b8bc92a,username="otrs" Client is a Perl script using Net::POP3 and Authen::SASL Modules Dovecot is version 0.99.14 - I know it's old and not supported. If one tells me the bug is known and fixed in 1.0rc, then I'll think about upgrading, but I just to test I don't want to change my running system. Regards, J?rgen
J?rgen Herz wrote:> > my dovecot installation works since months and clients authenticate > > using CRAM-MD5. But today I got the first chance to test an client > > that supports DIGEST-MD5 - and it doesn't work. Because of lack of > > other supporting clients and servers I'm now at the point I don't > > know which side is to blame. > > > > The error I get after the client answers the servers challenge is > > "-ERR Authentication failed: Missing nonce parameter".Ok, now I tested it against fresh compiled dovecot 1.0rc7 and get a simple "-ERR Authentication failed." Server Challenge was (decoded) realm="",nonce="S5hbmt7qeaQYOS/OLKOsYg==",qop="auth",charset="utf-8", algorithm="md5-sess" And client response (decoded) authzid="juergen",charset=utf-8,cnonce="7c1c927e756c9067dbf412c964a823c1", digest-uri="pop/pico",nc=00000001,nonce="S5hbmt7qeaQYOS/OLKOsYg==", qop=auth,realm="",response=fed55b47609e097fdf7d145635e845ff,username="juergen" Full log on request. Client was again the Perl script using Net::POP3 and Authen::SASL Modules. I had that SASL-lib yesterday successfully tested in a SMTP client authenticating for Postfix with DIGEST-MD5. On the other hand, Dovecots DIGEST-MD5 mechanism works with KMail as I was able to test today. Anyone else who has noticed incompatibilites with Dovecots DIGEST-MD5? Regards, J?rgen