search for: password_schemes

Hi, all. About two and a half years ago, I wrote a hack to add an additional MD5-based password scheme to Dovecot, but I wrote it as a hack to src/auth/password_scheme.c since it was relatively easy to do, and I needed to get a machine running since the machine I was replacing, a Sun Ultra 5 running Post.Office, had dying hard drives. Now, I'm actually sitting down and adapting it as a

Dear all, I send you a new email to know what is the progress of SCRAM-SHA-***(-PLUS) supports? Currently there is only SCRAM-SHA-1: https://doc.dovecot.org/configuration_manual/authentication/password_schemes/. - RFC6331: Moving DIGEST-MD5 to Historic: https://tools.ietf.org/html/rfc6331 - RFC5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms: https://tools.ietf.org/html/rfc5802 - RFC7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS Simple Authentication and Security...

Hi all, I'm a fairly recent convert to Dovecot/Postfix from Sendmail, so please be gentle (and assume I know nothing). :) I've got a Postfix/Dovecot/PostgreSQL setup with a custom DB schema for my email. This database is also used for a bigger program I use for all my hosting needs (domains, etc.). Currently, I've set it up to use plain-text authentication while I was

Hi, I followed the docs from the dovecot wiki (http://wiki2.dovecot.org/Authentication/MasterUsers) and still have some problem: 1. uncommented "!include auth-ldap.conf.ext" in 10-auth.conf 2. htpasswd -b -c -s .... to create user/password for a masteruseruser 3. checked auth-master.conf.ext When I try to test the login, I always get an "invalid credentials" in the logs with

Hello all, attached patch implements Compuserve RPA athentication mechanism. Tested with: - Eudora 6 (uses Compuserve "Virtual Key" RPA software); - TheBat! 2.11 (uses it's own RPA implementation). I hope it can be useful for someone. Best regards. -- Andrey Panin | Linux and UNIX system administrator pazke at donpac.ru | PGP key: wwwkeys.pgp.net -------------- next part

...] https://codahale.com/how-to-safely-store-a-password/ (linked from the Dovecot documentation) [2] https://www.reddit.com/r/node/comments/4u1jcn/is_bcrypt_the_best_possible_password_hashing/ [3] https://nugetmusthaves.com/Tag/bcrypt [4] https://doc.dovecot.org/configuration_manual/authentication/password_schemes/#other-schemes [5] https://github.com/dotnet/AspNetCore/blob/master/src/Identity/Extensions.Core/src/PasswordHasher.cs [6] https://github.com/dovecot/core/blob/81b5b188c478ec36bea8bda8fcad1e5f32ac612b/src/auth/password-scheme-pbkdf2.c#L50 [7] https://github.com/dovecot/core/blob/ff5305136ae74786...