search for: smd5

Hello, am I right, that dovecot can't cope with ldap so authentification is handled by ldap itself? And, for that I have to use {CRYPT} and cannot use other mechanisms as {SMD5} Are there any other possibilities? A --

Working with a dovecot migration, I am curious what version (if any) of Dovecot (dovecot-auth) supports SMD5 and ldap-MD5 when using Dovecot -> OpenLDAP direct binding? Thank you! Eric

...version is 0.99.11-2.EL4.1 which I assume is considerably behind the current stable version of 0.99.14. Is it the fact that I am using an older version of dovecot that SSHA passwords in an openldap directory are not recognized and give the following error: dovecot-auth: Unknown password scheme SMD5 ? LDAP is working as expected for NFS maildirs. I have dovecot 0.99.13 working on fedora core 3, but the stability of fedora leaves much to be desired and would like to get a stable, low maintenance install of dovecot on an enterprise supported linux. Redhat does not have packages for 0.99.1...

...The user password are stored in form: {crypt}mypasswd. In dovecot-ldap.conf I have default_pass_scheme = CRYPT. All is working fine. The problem in the crypt scheme is that I can't have passwords more than 8 characters long. So I've tried to change the type of the ldap passwords in SSHA or SMD5, but in this way the users can't authenticate yourselfs. Dovecot doesn't understand SSHA or SMD5?

...machine I was replacing, a Sun Ultra 5 running Post.Office, had dying hard drives. Now, I'm actually sitting down and adapting it as a module and am having trouble getting it to work. The code tarball itself can be picked up here: http://www.ian-justman.com/code/dovecot/password_scheme_po_smd5.tar.gz Before I continued, I made sure that a system-level account worked: # telnet <server IP> 110 Trying <server IP>... Connected to <server IP>. Escape character is '^]'. +OK Dovecot ready. user <username> +OK pass <password> +OK Logged in. quit +OK Loggin...

...ARGON2ID" Output from doveadm pw -l doveadm pw -l SHA1 SSHA512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT CRYPT SSHA MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT CLEAR CLEARTEXT ARGON2I ARGON2ID SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5 I assume I am making a stupid mistake, but I do not know what it is. -- Jerry

> Password schemes: HMAC-MD5, RPA, SKEY, PLAIN-MD4, LANMAN, NTLM, SMD5 The web is flooded with plain text passwords and hashed passwords harvested from hacked servers. Dovecot stores passwords with the same scheme used for client authentication. Therefore, we use crammd5/hmac-md5. It does not look like much, but is better than plaintext. As md5 is about to go, and...

...I was playing around with different encryption schemes. doveadm pw -l SHA1 SSHA512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT CRYPT SSHA MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT CLEAR CLEARTEXT SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5 There is no mention of "argon2" shown. Now, from the command line I can enter this command: ~ $ echo -n "Secret-Password" | argon2 somesalt Type: Argon2i Iterations: 3 Memory: 4096 KiB Parallelism: 1 Hash: e6432f595e999988c7c54c30d5...

(I subscribed to a daily digest for this list and can?t figure out how to reply to a reply.) Anyway, Aki Tuomi replied to my feature request saying: > We support in latest 2.2 release > > MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN > CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 > PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA CRYPT SHA256-CRYPT > SHA512-CRYPT > > There is also blowfish support as BLF-CRYPT, but that requires that your > system su...

...rst? of the hashing 'sponge' functions, that many have followed.? It is the basis of SHA3 (at Keccak's greatest strength). Argon2 seems to be special-built for password hashing.? Thing is it is not supported on my CentOS7 system: # doveadm pw -l MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA PBKDF2 CRYPT SHA256-CRYPT SHA512-CRYPT Of course SHA3 is not listed either...

.../usr/local/sbin/smbldap-passwd -u %u passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n" passdb backend = ldapsam:ldap://ldapserver.ingeominas.gov.co/ and this is the setup in smbldap.conf: # Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT) hash_encrypt="CRYPT" So, I don't know why windows is changing the password in SSHA format. I appreciate your help. Pablo Chamorro -- Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514 Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto

...have followed.? It is the basis >> of SHA3 (at Keccak's greatest strength). >> >> Argon2 seems to be special-built for password hashing.? Thing is it is >> not supported on my CentOS7 system: >> >> # doveadm pw -l >> MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN >> CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 >> PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA PBKDF2 CRYPT >> SHA256-CRYPT SHA512-CRYPT >> >> Of course SHA3 is not listed either... >> >> > ARG...

Hello, I've just installed dovecot to replace courier-imap and I've found out it didn't support some of the typical LDAP userPassword schemes, so I've written some based on OpenSSL API. Furthermore I noticed that the MD5 one seems broken. If it isn't a requirement to ship its own implementation of a crypto algorithm, I would send in a patch to replace schema checks with

...s. > > doveadm pw -l > SHA1 SSHA512 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA RPA DES-CRYPT CRYPT SSHA > MD5-CRYPT SKEY PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 LANMAN SHA512-CRYPT CLEAR > CLEARTEXT SSHA256 NTLM MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT > SMD5 DIGEST-MD5 LDAP-MD5 > > There is no mention of "argon2" shown. Now, from the command line I can enter > this command: > > ~ $ echo -n "Secret-Password" | argon2 somesalt > Type: Argon2i > Iterations: 3 > Memor...

...ed. We will provide advance notification before removing anything. To start, the following features are likely to be removed in next few releases of Dovecot. - Authentication drivers: vpopmail, checkpassword, bsdauth, shadow, sia - Password schemes: HMAC-MD5, RPA, SKEY, PLAIN-MD4, LANMAN, NTLM, SMD5 - Authentication mechanisms: ntlm, rpa, skey - Dict drivers: memcached, memcached-ascii (use redis instead) - postfix postmap support - autocreate & autosubscribe plugins (use built-in auto=create/subscribe setting instead) - expire plugin (use built-in autoexpunge setting) - fts-squat pl...

...ed. We will provide advance notification before removing anything. To start, the following features are likely to be removed in next few releases of Dovecot. - Authentication drivers: vpopmail, checkpassword, bsdauth, shadow, sia - Password schemes: HMAC-MD5, RPA, SKEY, PLAIN-MD4, LANMAN, NTLM, SMD5 - Authentication mechanisms: ntlm, rpa, skey - Dict drivers: memcached, memcached-ascii (use redis instead) - postfix postmap support - autocreate & autosubscribe plugins (use built-in auto=create/subscribe setting instead) - expire plugin (use built-in autoexpunge setting) - fts-squat pl...

...dbs ........ : static prefetch passwd passwd-file checkpassword sql sudo doveadm pw -l SHA1 SSHA512 SCRAM-SHA-256 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA DES-CRYPT CRYPT SSHA MD5-CRYPT PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 CLEAR CLEARTEXT SSHA256 MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SMD5 DIGEST-MD5 LDAP-MD5 How do I get ARGON2I, ARGON2ID in that list? Has anybody got Dovecot to work on recent macOS with these password schemes? Any hints? Thanks, James. -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attac...

Hi, just a question: I know that dovecot supports SASL authentication and supports LDAP. Which means that dovecot performs the SASL methods itself and stores the plaintext secret on LDAP. But it is also possible to have the LDAP do the SASL work and dovecot just pass SASL messages through? Even when the LDAP server uses a proprietary SASL method not supported by dovecot? regards Hadmut

...1/1 ? Verifying? : libsodium-1.0.17-1.el7.armv7hl?????????????????????????????? 1/1 Installed: ? libsodium.armv7hl 0:1.0.17-1.el7 Complete! [root at klovia ~]# doveadm pw -s ARGON2I -p secret Fatal: Unknown scheme: ARGON2I [root at klovia ~]# doveadm pw -l MD5 MD5-CRYPT SHA SHA1 SHA256 SHA512 SMD5 SSHA SSHA256 SSHA512 PLAIN CLEAR CLEARTEXT PLAIN-TRUNC CRAM-MD5 SCRAM-SHA-1 HMAC-MD5 DIGEST-MD5 PLAIN-MD4 PLAIN-MD5 LDAP-MD5 LANMAN NTLM OTP SKEY RPA PBKDF2 CRYPT SHA256-CRYPT SHA512-CRYPT Previously installed argon2: grep -n argon /var/log/yum.log* /var/log/yum.log:128:Feb 13 09:01:01 Install...

...s ........ : static prefetch passwd passwd-file checkpassword sql > > > sudo doveadm pw -l > SHA1 SSHA512 SCRAM-SHA-256 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA DES-CRYPT CRYPT SSHA MD5-CRYPT PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 CLEAR CLEARTEXT SSHA256 MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SMD5 DIGEST-MD5 LDAP-MD5 > > How do I get ARGON2I, ARGON2ID in that list? > > Has anybody got Dovecot to work on recent macOS with these password schemes? Any hints? > > Thanks, James. You need to use --with-sodium when building. Aki