dovecot - Dec 2012 - Postfix/mysql/dovecot - Understanding password encryption

I am switching from a fedora/postfix/mysql/couriermail/squirrelmail to 
Centos/.../dovecot/roundcubemail and adding postfixadmin to the mix.

My tutorial before was an earlier version (on F14) of:

http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-centos-6.2-x86_64

Now I am using

http://www.campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServer

to get me started.  I am up to roundcubemail setup and am stumbling to 
understand what the author here is doing with encrypted passwords, so 
felt it was time to delve deeper into this.

My old setup uses mysql-crypt for the password.

MYSQL_CRYPT_PWFIELD password

and users could be added to the table with:

INSERT INTO `users` (`email`, `password`, `quota`) VALUES 
('sales at example.com', ENCRYPT('secret'), 10485760);

But where this was all simple and no choices, I get to figure out what 
to do with my dovecot setup.

Some of the 'secret' is hinted at in postfixadmin's config.inc.php:

// Encrypt
// In what way do you want the passwords to be crypted?
// md5crypt = internal postfix admin md5
// md5 = md5 sum of the password
// system = whatever you have set as your PHP system default
// cleartext = clear text passwords (ouch!)
// mysql_encrypt = useful for PAM integration
// authlib = support for courier-authlib style passwords
// dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: 
dovecot:CRAM-MD5
$CONF['encrypt'] = 'md5crypt';

Where is there information on the different choices and how to choose.

Is it as 'simple' as setting up postfixadmin to control the password 
encryption format then 'inform' dovecot in the dovecot-mysql.conf with

default_pass_scheme = MD5-CRYPT

Thank you for any pointers.

On 12/24/2012 04:26 PM, Robert Moskowitz wrote:
> I am switching from a fedora/postfix/mysql/couriermail/squirrelmail to 
> Centos/.../dovecot/roundcubemail and adding postfixadmin to the mix.
>
> My tutorial before was an earlier version (on F14) of:
>
>
http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-centos-6.2-x86_64
>
>
> Now I am using
>
>
http://www.campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServer
>
>
> to get me started.  I am up to roundcubemail setup and am stumbling to 
> understand what the author here is doing with encrypted passwords, so 
> felt it was time to delve deeper into this.
>
> My old setup uses mysql-crypt for the password.
>
> MYSQL_CRYPT_PWFIELD password
>
> and users could be added to the table with:
>
> INSERT INTO `users` (`email`, `password`, `quota`) VALUES 
> ('sales at example.com', ENCRYPT('secret'), 10485760);
>
> But where this was all simple and no choices, I get to figure out what 
> to do with my dovecot setup.
>
> Some of the 'secret' is hinted at in postfixadmin's
config.inc.php:
>
> // Encrypt
> // In what way do you want the passwords to be crypted?
> // md5crypt = internal postfix admin md5
> // md5 = md5 sum of the password
> // system = whatever you have set as your PHP system default
> // cleartext = clear text passwords (ouch!)
> // mysql_encrypt = useful for PAM integration
> // authlib = support for courier-authlib style passwords
> // dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example:
> dovecot:CRAM-MD5
> $CONF['encrypt'] = 'md5crypt';
>
> Where is there information on the different choices and how to choose.
>
> Is it as 'simple' as setting up postfixadmin to control the
password
> encryption format then 'inform' dovecot in the dovecot-mysql.conf
with
>
> default_pass_scheme = MD5-CRYPT
>
Oh, the dovecot.conf has the line:

auth_mechanisms = plain login

Which adds to my confusion.