dovecot - Jan 2013 - Confused about "Authentication Mechanism" and "Password Schemes"

Hi,

I am currently setting up a Mailserver and decided to use Dovecot as 
IMAP/POP3-Server. I read the wiki an thought about how to transmit and 
store the passwords (I want to use a MySQL-database).

I want to use encrypted transmission and encrypted storage. The wiki says:

"If you want to use only one non-plaintext mechanism, you can store the 
passwords using the mechanism's own password scheme. "

Ok, one secure mechanism is acceptable in my scenario and the wiki gives 
a list of supported authentication mechanisms and a list of supported 
password schemes.

But I am missing the relation between the two lists, which mechanism 
expects which storage scheme?

Did I overlooked any easy answer (other then "read the RFCs").

Best Regards
Thomas

On 10.01.2013 12:44, Thomas Pries wrote: 
> Hi,
> 
> I am currently
setting up a Mailserver and decided to use Dovecot as 
>
IMAP/POP3-Server. I read the wiki an thought about how to transmit and
> store the passwords (I want to use a MySQL-database).
> 
> I want to
use encrypted transmission and encrypted storage. The wiki
says:
> 
>
"If you want to use only one non-plaintext mechanism, you can store the
> passwords using the mechanism's own password scheme. "
> 
> Ok, one
secure mechanism is acceptable in my scenario and the wiki gives
> a
list of supported authentication mechanisms and a list of supported
>
password schemes.
> 
> But I am missing the relation between the two
lists, which mechanism 
> expects which storage scheme?
> 
> Did I
overlooked any easy answer (other then "read the
RFCs").
> 
> Best
Regards
> Thomas
Hi Thomas, 

its quite simple. If you store the
passwords in database in plain text then your server can use any
authentication algorithm available. however if you store
encrypted/hashed passwords, then the only two available authentication
algorithms is: plain as the dovecot needs to properly encode the
password 

Regards, 

M