search for: scram

Hello Stephan, Thanks for the link about SCRAM-SHA-256, good news for this point, hope a merge soon :) I am from this page: https://wiki.dovecot.org/Authentication/PasswordSchemes ^^ The -PLUS variant for all SCRAM is not possible too for have (with other SCRAM): SCRAM-SHA-1(-PLUS), SCRAM-SHA-224(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-384(-P...

Dear all, I send you a new email to know what is the progress of SCRAM-SHA-***(-PLUS) supports? Currently there is only SCRAM-SHA-1: https://doc.dovecot.org/configuration_manual/authentication/password_schemes/. - RFC6331: Moving DIGEST-MD5 to Historic: https://tools.ietf.org/html/rfc6331 - RFC5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and...

Hello all, I would like to know if it is possible to add SCRAM-SHA-256 and SCRAM-SHA-512 supports? RFC7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS: Simple Authentication and Security Layer (SASL) Mechanisms https://tools.ietf.org/html/rfc7677 Thanks in advance. Regards, Neustradamus -------------- next part -------------- An HTML attachment was scrubbed... U...

...omi: >>> On 16 December 2018 at 10:27 Tributh via dovecot <dovecot at dovecot.org> wrote: >>> >>> >>> Hi, >>> is that here the right place to make feature requests? >>> >>> dovecot supports as authentication mechanism >>> SCRAM-SHA-1 from RFC 5802 >>> which was updated to >>> SCRAM-SHA-256 in RFC 7677 >>> >>> Can SCRAM-SHA-256 be added to the authentication mechanisms? >>> >>> I would not like to request, that SCRAM-SHA-1 will be exchanged by >>> SCRAM-SHA-256...

> On 16 December 2018 at 10:27 Tributh via dovecot <dovecot at dovecot.org> wrote: > > > Hi, > is that here the right place to make feature requests? > > dovecot supports as authentication mechanism > SCRAM-SHA-1 from RFC 5802 > which was updated to > SCRAM-SHA-256 in RFC 7677 > > Can SCRAM-SHA-256 be added to the authentication mechanisms? > > I would not like to request, that SCRAM-SHA-1 will be exchanged by > SCRAM-SHA-256, since several applications only support SCRAM-SHA-1...

Dear all, I use Dovecot SASL (2.1.15) on Ubuntu 12.04 for IMAP authentication and Postfix SASL authentication. I tried to setup SCRAM-SHA-1 as SASL mechanism. This works well on Dovecot's client side towards my OpenLDAP server (with libsasl-2), but fails on the server side (IMAP and SMTP). In the following, there's an extract from Dovecot's log, when using mutt as SMTP client: dovecot: auth: Debug: auth client connec...

Op 20/01/2019 om 00:45 schreef - Neustradamus -: > Hello all, > > I would like to know if it is possible to add SCRAM-SHA-256 and > SCRAM-SHA-512 supports? > > RFC7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS: Simple Authentication > and Security Layer (SASL) Mechanisms > https://tools.ietf.org/html/rfc7677 > > Thanks in advance. https://www.dovecot.org/pipermail/dovecot/2019-January/114194.ht...

Hello, attached is an hg export on top of the current dovecot-2.2 branch, which adds support for a SCRAM-SHA-1 password scheme. Ideally I'd want doveadm pw's rounds flag to apply to this, but that's currently specific to the crypt password scheme, so I left it out for now. Regards, Florian Zeitz -------------- next part -------------- # HG changeset patch # User Florian Zeitz <florob...

Hi, is that here the right place to make feature requests? dovecot supports as authentication mechanism SCRAM-SHA-1 from RFC 5802 which was updated to SCRAM-SHA-256 in RFC 7677 Can SCRAM-SHA-256 be added to the authentication mechanisms? I would not like to request, that SCRAM-SHA-1 will be exchanged by SCRAM-SHA-256, since several applications only support SCRAM-SHA-1 Regards Torsten

...; >> On 16 December 2018 at 10:27 Tributh via dovecot <dovecot at dovecot.org> wrote: > >> > >> > >> Hi, > >> is that here the right place to make feature requests? > >> > >> dovecot supports as authentication mechanism > >> SCRAM-SHA-1 from RFC 5802 > >> which was updated to > >> SCRAM-SHA-256 in RFC 7677 > >> > >> Can SCRAM-SHA-256 be added to the authentication mechanisms? > >> > >> I would not like to request, that SCRAM-SHA-1 will be exchanged by > >> SCRAM-...

Hy, over the last days I have implemented SCRAM-SHA-1 in Dovecot's 2.1 branch. It does not do SCRAM-SHA-1-PLUS, but should be extendable enough to introduce it later. There are some checks for the message format which (assuming the client acts correclty) are not strictly necessary during parsing. This is partially in the hope that it might...

Hi, Op 13/01/2019 om 17:48 schreef Tributh via dovecot: > Hi, > sorry for my late reply. Was too busy during the week. > Thank you for your patches. I hope I will be able with them to get now > some client support for SCRAM-SHA-256. Will report how I succeed in the > future. I managed to test it successfully using MailKit: https://github.com/jstedfast/MailKit I used the IMAP demo in samples/ImapClientDemo. I limited the available mechanisms presented by the server to SCRAM-SHA-256 exclusively, so the demo need...

Hi running dovecot as IMAP/POP3-proxy with auth_mechanisms = CRAM-MD5 DIGEST-MD5 SCRAM-SHA-1 APOP LOGIN PLAIN which client supports currently "SCRAM-SHA-1" to test it? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 263 bytes Desc: OpenPGP digital signature URL: <http://dovecot.org/...

...o store user passwords in plain test and fine to do master user to backend. I had the crazy thought I could do something like the following: For each user Store supported password schemes as LDAP attributes: userPasswordCRAM-MD5: {CRAM-MD5}xxx userPasswordDIGEST-MD5: {DIGEST-MD5}xxxx userPasswordSCRAM: {SCRAM-SHA-1}xxxx userPasswordNTLM: {NTLM}xxxx then: =password=%{ldap:userPassword%m} <- Though this doesn't work.. just wondering if it could possibly work or if I should give up on this crazy idea :) Thanks Leon

...t AFAIK. That's a good reason not to offer that. > > Alexander > CRAM-MD5 can also be stored as stage 1 MD5 hashed blob. Only marginally better than plaintext. But as pointed out, CRAM-MD5, DIGEST-MD5 cannot work with crypted passwords. If you want to use "secure passwords", SCRAM-SHA1 is an option, but probably best is to disable other than 'PLAIN' and 'LOGIN' mech unless you know what you are doing. Aki

..... : kqueue SSL ............ : yes (OpenSSL) GSSAPI ......... : no passdbs ........ : static passwd passwd-file pam checkpassword sql : -shadow -bsdauth -ldap userdbs ........ : static prefetch passwd passwd-file checkpassword sql sudo doveadm pw -l SHA1 SSHA512 SCRAM-SHA-256 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA DES-CRYPT CRYPT SSHA MD5-CRYPT PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 CLEAR CLEARTEXT SSHA256 MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SMD5 DIGEST-MD5 LDAP-MD5 How do I get ARGON2I, ARGON2ID in that list? Has anybody got Dovecot to work on recent macOS with...

...tarting dovecot, I received an error message when attempting to actually it: auth: FATAL: Unknown authentication mechanism "ARGON2ID" Output from doveadm pw -l doveadm pw -l SHA1 SSHA512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT CRYPT SSHA MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT CLEAR CLEARTEXT ARGON2I ARGON2ID SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5 I assume I am making a stupid mistake, but I do not know what it is. -- Jerry

Hello, The world is not black or white. Yes CRAM-MD5 is old and his successor SCRAM-XXXXXX is not widely available/implemented which is sad. For your need, use TLS and forget about it. Thunderbird is conservative. If you don't configure TLS or TLS is not available, it try to use something that not expose the password. There is plenty of context where TLS is not possible/desi...

...e > SSL ............ : yes (OpenSSL) > GSSAPI ......... : no > passdbs ........ : static passwd passwd-file pam checkpassword sql > : -shadow -bsdauth -ldap > userdbs ........ : static prefetch passwd passwd-file checkpassword sql > > > sudo doveadm pw -l > SHA1 SSHA512 SCRAM-SHA-256 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA DES-CRYPT CRYPT SSHA MD5-CRYPT PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 CLEAR CLEARTEXT SSHA256 MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SMD5 DIGEST-MD5 LDAP-MD5 > > How do I get ARGON2I, ARGON2ID in that list? > > Has anybody got Dovecot to work o...

...m all, -----Original Message----- From: dovecot <dovecot-bounces at dovecot.org> On Behalf Of FUSTE Emmanuel via dovecot Sent: Thursday, June 20, 2019 9:53 To: dovecot at dovecot.org Subject: Re: Help on CRAM-MD5 Hello, The world is not black or white. Yes CRAM-MD5 is old and his successor SCRAM-XXXXXX is not widely available/implemented which is sad. For your need, use TLS and forget about it. Thunderbird is conservative. If you don't configure TLS or TLS is not available, it try to use something that not expose the password. There is plenty of context where TLS is not possible/desira...