absolutely_free at libero.it
2021-Dec-01 22:26 UTC
Requested CRAM-MD5 scheme, but we have only CRYPT
Hi, I wondering if I can simply disable CRAM-MD5 and/or DIGEST-MD5. Are they useful in case of SSL or TLS connections? Thankyou> Il 01/12/2021 18:42 Aki Tuomi <aki.tuomi at open-xchange.com> ha scritto: > > > auth_mechanisms = plain login digest-md5 cram-md5 > > You still advertise them though. > > Aki
Hello auth_mechanisms are only for encrypting passwords while authenticating. They have nothing to do with transport encryption aka TLS and STARTTLS. You only can use CRAM-MD5 when your authentication source provides plain passwords. As you use password hashes in your authentication source, you have to disable it. Else a client will try to send you the CRAM-MD encrypted password, which you can not check for validity. Hope this clears it a bit. Kind regards, Christian Mack On 01.12.21 23:26, absolutely_free at libero.it wrote:> Hi, > I wondering if I can simply disable CRAM-MD5 and/or DIGEST-MD5. > Are they useful in case of SSL or TLS connections? > Thankyou > >> Il 01/12/2021 18:42 Aki Tuomi <aki.tuomi at open-xchange.com> ha scritto: >> >> >> auth_mechanisms = plain login digest-md5 cram-md5 >> >> You still advertise them though. >> >> Aki-- Christian Mack Universit?t Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung und Lehre 78457 Konstanz +49 7531 88-4416 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5351 bytes Desc: S/MIME Cryptographic Signature URL: <https://dovecot.org/pipermail/dovecot/attachments/20211202/abd3e6a6/attachment.bin>