search for: password_schem

Hi, all. About two and a half years ago, I wrote a hack to add an additional MD5-based password scheme to Dovecot, but I wrote it as a hack to src/auth/password_scheme.c since it was relatively easy to do, and I needed to get a machine running since the machine I was replacing, a Sun Ultra 5 running Post.Office, had dying hard drives. Now, I'm actually sitting down and adapting it as a module and am having trouble getting it to work. The code tarball it...

Dear all, I send you a new email to know what is the progress of SCRAM-SHA-***(-PLUS) supports? Currently there is only SCRAM-SHA-1: https://doc.dovecot.org/configuration_manual/authentication/password_schemes/. - RFC6331: Moving DIGEST-MD5 to Historic: https://tools.ietf.org/html/rfc6331 - RFC5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms: https://tools.ietf.org/html/rfc5802 - RFC7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS Simple Authentication and Securit...

Hi all, I'm a fairly recent convert to Dovecot/Postfix from Sendmail, so please be gentle (and assume I know nothing). :) I've got a Postfix/Dovecot/PostgreSQL setup with a custom DB schema for my email. This database is also used for a bigger program I use for all my hosting needs (domains, etc.). Currently, I've set it up to use plain-text authentication while I was

Hi, I followed the docs from the dovecot wiki (http://wiki2.dovecot.org/Authentication/MasterUsers) and still have some problem: 1. uncommented "!include auth-ldap.conf.ext" in 10-auth.conf 2. htpasswd -b -c -s .... to create user/password for a masteruseruser 3. checked auth-master.conf.ext When I try to test the login, I always get an "invalid credentials" in the logs with

...*password, + const char *user __attr_unused__) +{ + return strcasecmp(password, password_generate_rpa(plaintext)) == 0; +} + +static const char *rpa_generate(const char *plaintext, + const char *user __attr_unused__) +{ + return password_generate_rpa(plaintext); +} + static const struct password_scheme default_schemes[] = { { "CRYPT", crypt_verify, crypt_generate }, { "MD5", md5_verify, md5_generate }, @@ -439,6 +451,7 @@ static const struct password_scheme defa { "LDAP-MD5", ldap_md5_verify, ldap_md5_generate }, { "LANMAN", lm_verify, lm_generate...

...] https://codahale.com/how-to-safely-store-a-password/ (linked from the Dovecot documentation) [2] https://www.reddit.com/r/node/comments/4u1jcn/is_bcrypt_the_best_possible_password_hashing/ [3] https://nugetmusthaves.com/Tag/bcrypt [4] https://doc.dovecot.org/configuration_manual/authentication/password_schemes/#other-schemes [5] https://github.com/dotnet/AspNetCore/blob/master/src/Identity/Extensions.Core/src/PasswordHasher.cs [6] https://github.com/dovecot/core/blob/81b5b188c478ec36bea8bda8fcad1e5f32ac612b/src/auth/password-scheme-pbkdf2.c#L50 [7] https://github.com/dovecot/core/blob/ff5305136ae747...