Hello. dovecot 2.2.26.0 When testing nopassword extra field (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 dovecot doesn't allow any password (while it should) and returns " Authentication failed" while in logs: Nov 17 08:22:34 auth-worker(1551): Info: sql(pepe,127.0.0.1,<Y8amDXpBptV/AAAB>): Requested CRAM-MD5 scheme, but we have a NULL password NULL is there because our sql query returns empty password just like wiki says "nopassword: you want to allow all passwords, use an empty password and this field. " If password is returned in sql query then it fails, too: Nov 17 09:00:49 auth-worker(2206): Error: sql(pepe,127.0.0.1,<eO5vlnpBtNd/AAAB>): nopassword set but password is non- empty So looks to be a bug. -- Arkadiusz Mi?kiewicz, arekm / ( maven.pl | pld-linux.org )
On 17.11.2016 10:14, Arkadiusz Mi?kiewicz wrote:> Hello. > > dovecot 2.2.26.0 > > When testing nopassword extra field > (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 dovecot > doesn't allow any password (while it should) and returns > > " Authentication failed" > > while in logs: > > Nov 17 08:22:34 auth-worker(1551): Info: > sql(pepe,127.0.0.1,<Y8amDXpBptV/AAAB>): Requested CRAM-MD5 scheme, but we have > a NULL password > > NULL is there because our sql query returns empty password just like wiki says > "nopassword: you want to allow all passwords, use an empty password and this > field. " > > > If password is returned in sql query then it fails, too: > > Nov 17 09:00:49 auth-worker(2206): Error: > sql(pepe,127.0.0.1,<eO5vlnpBtNd/AAAB>): nopassword set but password is non- > empty > > So looks to be a bug.It's not a bug. CRAM-MD5 does in fact require *some* password to work, you can either store it with doveadm pw -S CRAM-MD5 or as plain text password. Aki
On Thursday 17 of November 2016, Aki Tuomi wrote:> On 17.11.2016 10:14, Arkadiusz Mi?kiewicz wrote: > > Hello. > > > > dovecot 2.2.26.0 > > > > When testing nopassword extra field > > (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 > > dovecot doesn't allow any password (while it should) and returns > > > > " Authentication failed" > > > > while in logs: > > > > Nov 17 08:22:34 auth-worker(1551): Info: > > sql(pepe,127.0.0.1,<Y8amDXpBptV/AAAB>): Requested CRAM-MD5 scheme, but we > > have a NULL password > > > > NULL is there because our sql query returns empty password just like wiki > > says "nopassword: you want to allow all passwords, use an empty > > password and this field. " > > > > > > If password is returned in sql query then it fails, too: > > > > Nov 17 09:00:49 auth-worker(2206): Error: > > sql(pepe,127.0.0.1,<eO5vlnpBtNd/AAAB>): nopassword set but password is > > non- empty > > > > So looks to be a bug. > > It's not a bug. CRAM-MD5 does in fact require *some* password to work,Provide fake/random one for nopassword internally.> you can either store it with doveadm pw -S CRAM-MD5 or as plain text > password.Then I get> > sql(pepe,127.0.0.1,<eO5vlnpBtNd/AAAB>): nopassword set but password is > > non- emptySo that doesn't help btw. doveadm pw -S is not documented, so no idea what it does> Aki-- Arkadiusz Mi?kiewicz, arekm / ( maven.pl | pld-linux.org )