similar to: bug in 99.13-rc2 in ldap md5 patch

ok so now I've got Dovecot 1.0rc15 started on the test server. however it seems that the auth-workers don't like their job: auth-worker(default): plain_md5_verify((null)): Invalid password encoding What do I need to do to make their life easier? Current dovecot.conf: protocols = imap imaps pop3 pop3s disable_plaintext_auth = no login_greeting = amigo.net ready. mail_location =

hi, i setup a new mail server (dovecot-0.99.10.7) with ldap authentication (openldap-2.1.29-2). everything works properly until i switch the user's password from crypt to md5 in the ldap server (of course in this case in the ldap server it stores es {MD5}.... but dovecot gives such error messages: ----------------------- dovecot-auth: Jul 29 17:30:08 Info: ldap(lfarkas at x.com): password

Hello all, attached patch implements Compuserve RPA athentication mechanism. Tested with: - Eudora 6 (uses Compuserve "Virtual Key" RPA software); - TheBat! 2.11 (uses it's own RPA implementation). I hope it can be useful for someone. Best regards. -- Andrey Panin | Linux and UNIX system administrator pazke at donpac.ru | PGP key: wwwkeys.pgp.net -------------- next part

Hi all. I hope this is not a RTFM-type question, but I've been unable to find a searchable archive of this mailing list....... I recently began investigating using Dovecot/Postfix/MySQL solution. I've been following the documentation http://wiki.dovecot.org/HowTo/DovecotLDAPostfixAdminMySQL?highlight=%28m ysql%29 While everything seems to have gone right, I have been unable to

hi everyone I am new to dovecot and I am having a little trouble I am getting this error in my mail.log I have google it and can't find a response, Aug 25 08:14:24 mta dovecot: auth-worker(default): mysql: Connected to 127.0.0.1 (postfix) Aug 25 08:14:24 mta dovecot: auth-worker(default): sql(sal at prt.com,127.0.0.1): Password query failed: Table 'postfix.password'

After I found out that {CRYPT} doesn't support passwords longer than 8 characters, I decided to switch over to MD5 for user passwords in my LDAP database. However, while I have no problem with Postfix + SASL, Dovecot fails to authenticate. Relevant bits from /etc/dovecot-ldap.conf: user_attrs = mailAddress,,,,, # The search string is identical to what's found in /etc/saslauthd.conf:

I tried to compile Dovecot v1.0RC2 on Opeteron/Solaris 10 box. "db-ldap.c", line 343: undefined symbol: LDAP_SASL_QUIET "LDAP_SASL_QUIET" is defined as "2U" in OpenLDAP's ldap.h but not in /usr/include/ldap.h How can I compile Dovecot with Sun's LDAP implementation?

After upgrading my dovecot installation about a month ago, I have started seeing "Requested CRAM-MD5 scheme, but we have only MD5-CRYPT" message from dovecot in my logs. Any help in finding and correcting the cause will be greatly appreciated. --Richard

Hi all, Got a question on configuring dovecot, I'm still new at this so I might be doing this all wrong. I want dovecot to authenticate the mail client using CRAM-MD5 so I've setup the config in dovecot.conf: auth default { mechanisms = cram-md5 passdb sql { # Path for SQL configuration file, see doc/dovecot-sql-example.conf args = /etc/dovecot/dovecot-sql.conf

$ dovecotpw -p testpass {HMAC-MD5}fe8522268d91e485ccac8f36800e4fa6b10363e2a371cfa61731109b450906cd I wonder if the prefix 'HMAC-MD5' is the correct notation here. According to RFC2104 an HMAC is calculated as follows: H(K XOR opad, H(K XOR ipad, text)) where H is the cryptographic hash function (MD5 in this case). Therefore the result has to be a 128 bit string, which is obviously not

Hi, based on the recent discussion by Bill Cole and Douglas Willcocks I've quickly put together a PHP script which generates MD5 'contexts' for Dovecot's password files: http://www.noerenberg.de/hajo/pub/dovecot_hmacmd5.php.txt The script has not been tested extensively, so use it on your own risk :) Most of the code has been shamelessly stolen from various sources.

'afternoon list! I use mysql as userdb, which contains two type of password schemes: DES and MD5-CRYPT. I read there : http://wiki.dovecot.org/Authentication/PasswordSchemes that both are supported by dovecot. Unfortunately, dovecot keeps saying: Not a valid MD5-CRYPT or PLAIN-MD5 password when looking for a user with DES encrypted password. Is dovecot able to recognize password

We have a plethora of accounts for which we would like to enable CRAM-MD5 but their passwords are stored as MD5 hashes. Is there anything we can do? Can we take a linux MD5 hashed password (e.g. $1$fac330ee$wd6Tll...) and convert it to dovecot's CRAM-MD5 format (e.g. {CRAM-MD5}b3f297...)? Thanks!

On 12/5/14, ML mail <mlnospam at yahoo.com> wrote: > Hello, > > I am wondering which variant is more secure for user authentication and > password scheme. Basically I am looking at both variants: > > 1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism > 2) SHA512-CRYPT password scheme storage with PLAIN auth mechanism > > In my opinion the option 2)

Am 06.12.2014 um 06:56 schrieb Jan Wide?: > If you add disable_plaintext_auth=yes ssl=required settings, then > dovecot will drop authentication without STARTTLS. But damage will be > done, client will send unencrypted (or in this scenario MD5 or SHA512 > hash) login/password no, damage will *not* be done STARTTLS happens in context of connect and *log before* any authentication is

Hi friends, I am migrating imap-courier to dovecot, I use openbsd+postfix+imap-courier, and now I'm trying to run openbsd+opensmtpd+dovecot. In the beginning it was a little traumante but it works OpenSMTPD correctly. Now I have configured dovecot, and I hope that your backend authorization is the same database that was used imap-courier. In /var/log/maillog receipt the following error

When using CRYPT to encrypt the password, you must put the following in dovecot-sql.conf.ext default_pass_scheme = CRYPT I hope this can help more people, in addition to leave you as I did my query: password_query = \ SELECT password \ FROM users WHERE login = '%u -- editor de sue?os

Am 6. Dezember 2014 13:10:58 MEZ, schrieb Reindl Harald <h.reindl at thelounge.net>: > >Am 06.12.2014 um 06:56 schrieb Jan Wide?: >> If you add disable_plaintext_auth=yes ssl=required settings, then >> dovecot will drop authentication without STARTTLS. But damage will be >> done, client will send unencrypted (or in this scenario MD5 or SHA512 >> hash)

Hello, I am wondering which variant is more secure for user authentication and password scheme. Basically I am looking at both variants: 1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism 2) SHA512-CRYPT password scheme storage with PLAIN auth mechanism In my opinion the option 2) should be safer although it is using PLAIN auth mechanism. Of course I would always use STARTTLS and

On 12/06/2014 02:35 AM, Nick Edwards wrote: > On 12/5/14, ML mail <mlnospam at yahoo.com> wrote: >> Hello, >> >> I am wondering which variant is more secure for user authentication and >> password scheme. Basically I am looking at both variants: >> >> 1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism >> 2) SHA512-CRYPT password