similar to: CRAM-MD5 authentication but plain-md5 password storage.

Displaying 20 results from an estimated 3000 matches similar to: "CRAM-MD5 authentication but plain-md5 password storage."

2008 Sep 12
5
cram-md5 and users maintaining their own passwords?
Is there any other mechanism than using passwd files with md5-hashed passwords created by dovecotpw that will support cram-md5 authentication? Has anyone created setups where the passwd databases reside in the individual users home directories? Is it possible to persuade dovecotpw to update the passwd databases automatically. Having to use a text editor to paste in the passwords sets a high
2008 Apr 11
1
CRAM-MD5 Password Generation Algorithm
Hi, I'm just in the middle of setting up dovecot to serve IMAPS -- Actually I've finished apart from one thing: CRAM-MD5 passwords. I'm using SQL as a backend for the password storage, and I don't want to store the passwords in plaintext. I've also configured dovecot to be rather restrictive when it comes to authentication methods (only CRAM-MD5 is allowed). To generate the
2006 Sep 11
3
Using pgsql with 'cram-md5 auth' and 'hmac-md5 scheme'
Hello, I want to use PostgreSQL to store my Dovecot users. I setup a very basic configuration, following word for word this page http://wiki.dovecot.org/DovecotPostgresql and it works ... almost. In fact, it works if I use PLAIN password scheme in my database. However, I would like to store them encrypted. But, if I replace the password field for my user with {HMAC-MD5}-... (the password
2009 Dec 16
2
CRAM-MD5 in Python
Hi to all! I?m writing a python module (python+sqlalchemy) to manage user and domain configuration on my system (I hope to get a CLI tool, a Web app and even a native Mac app, via PyObjc, from my lib). I?m implementing password crypto, but I have some problem in generating CRAM-MD5 password, dovecot style. I?ve found an old discussion on this mailing list and a piece of Perl that works, but I need
2010 Aug 07
1
dovecot.conf: mechanisms = plain login cram-md5 | Windows Live Mail: CRAM-MD5 authentication failed. This could (NOT) be due to a lack of memory on your system
/etc/dovecot.conf: auth default { mechanisms=plain login cram-md5 passdb { #.............. Windows Live Mail: CRAM-MD5 authentication failed. This could be due to a lack of memory on your system. Your IMAP command could not be sent to the server, due to non-network errors. This could, for example, indicate a lack of memory on your system. Configuration: Account: Sheltoncomputers
2014 Dec 05
3
MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN
Hello, I am wondering which variant is more secure for user authentication and password scheme. Basically I am looking at both variants: 1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism 2) SHA512-CRYPT password scheme storage with PLAIN auth mechanism In my opinion the option 2) should be safer although it is using PLAIN auth mechanism. Of course I would always use STARTTLS and
2010 Sep 23
1
Plain-Text & CRAM-MD5
Hi there, I'm currently running my auth against CRAM-MD5 only. But I face problems with customers who apparently have smart phones which ONLY support plain-text authentification ;( Bad - I know, but what should I do ... ;/ So my question now is: Is it possible to run CRAM-MD5 as well as Plain-Text auth together with Postfix if Postfix is using Dovecot's SASL auth service? Cause
2007 Jan 24
1
default_pass_scheme = PLAIN-MD5 dont work :(
I config postfix+mysql+dovecot for SASL SMTP autentication. It works if set: default_pass_scheme = PLAIN and store plain-text password in mysql I'm change default_pass_scheme = PLAIN with default_pass_scheme = PLAIN-MD5 an store password in mysql with md5('passwd') and dovecotpw -s PLAIN-MD5 -p test {PLAIN-MD5} and md5("test") = 098f6bcd4621d373cade4e832627b4f6 but
2007 Mar 19
3
PHP implementation of dovecotpw passwords
I am looking for PHP functions that implement passwords that much the dovecotpw implementation. I downloaded one from PEAR, Crypt_HMAC, but the passwords it generates look nothing like the dovecotpw passwords, which could be my fault because I know nothing about the field. Is there a guide or some library that implements them to match dovecotpw?
2014 Dec 06
0
MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN
On 12/5/14, ML mail <mlnospam at yahoo.com> wrote: > Hello, > > I am wondering which variant is more secure for user authentication and > password scheme. Basically I am looking at both variants: > > 1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism > 2) SHA512-CRYPT password scheme storage with PLAIN auth mechanism > > In my opinion the option 2)
2014 Dec 06
0
MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN
Am 06.12.2014 um 06:56 schrieb Jan Wide?: > If you add disable_plaintext_auth=yes ssl=required settings, then > dovecot will drop authentication without STARTTLS. But damage will be > done, client will send unencrypted (or in this scenario MD5 or SHA512 > hash) login/password no, damage will *not* be done STARTTLS happens in context of connect and *log before* any authentication is
2014 Dec 06
1
MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN
Am 6. Dezember 2014 13:10:58 MEZ, schrieb Reindl Harald <h.reindl at thelounge.net>: > >Am 06.12.2014 um 06:56 schrieb Jan Wide?: >> If you add disable_plaintext_auth=yes ssl=required settings, then >> dovecot will drop authentication without STARTTLS. But damage will be >> done, client will send unencrypted (or in this scenario MD5 or SHA512 >> hash)
2014 Dec 06
3
MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN
On 12/06/2014 02:35 AM, Nick Edwards wrote: > On 12/5/14, ML mail <mlnospam at yahoo.com> wrote: >> Hello, >> >> I am wondering which variant is more secure for user authentication and >> password scheme. Basically I am looking at both variants: >> >> 1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism >> 2) SHA512-CRYPT password
2004 Jul 22
3
CRAM-MD5
Hi, after getting dovecot working with PostgreSQL and plaintext passwords I tried to use md5 encrypted passwords with mozilla. www.roughtrade.net/dovecot says that Mozilla only supports CRAM-MD5 and that CRAM-MD5 is included in HEAD. Now I have two questions: 1) Is the md5 hash stored in passdb with cram-md5 the same as in digest-md5? 2) Is a new dovecot stable build planned within the next two
2019 Jun 20
2
Help on CRAM-MD5
I don't desagree with your vision, but if the use of CRAM-XXXX has to use plaint text password's on the server there's a dark side, or there's a CRAM-XXX that can use encrypted on server side? There's always the thing that can clients don't support it. I think i'm not wrong with what i said, On 20 Jun 2019, at 02:53, FUSTE Emmanuel via dovecot <dovecot at
2018 Apr 23
2
question about using cram-md5 login passwords
hello dovecot community, question; if my user database and dovecot installation is currently setup to use plain login passwords, and i want to convert to cram-md5, after i configure dovecot accordingly and reset passwords into cram-md5, if anyone uses plain login method again in the future, will it still work? or must they always from this point on use encrypted passwords? Thanks. -- Thanks,
2019 Jun 18
4
Help on CRAM-MD5
Howdy, I'm using dovecot and mysql users, and i'm creating the password with: ENCRYPT('some-passwd',CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))) So far so good, everything's fine. Today saw that i didn't enabled CRAM-MD5, but if I do, and the (at least) IMAP client (roundcube/thunderbird/etc) issues CRAM-MD5 it doesn't authenticate. What am i doing wrong, or
2010 Sep 21
1
MD5 to CRAM-MD5 password conversion?
We have a plethora of accounts for which we would like to enable CRAM-MD5 but their passwords are stored as MD5 hashes. Is there anything we can do? Can we take a linux MD5 hashed password (e.g. $1$fac330ee$wd6Tll...) and convert it to dovecot's CRAM-MD5 format (e.g. {CRAM-MD5}b3f297...)? Thanks!
2008 Jun 01
2
Requested CRAM-MD5 scheme, but we have only MD5-CRYPT
After upgrading my dovecot installation about a month ago, I have started seeing "Requested CRAM-MD5 scheme, but we have only MD5-CRYPT" message from dovecot in my logs. Any help in finding and correcting the cause will be greatly appreciated. --Richard
2019 Jun 20
1
Help on CRAM-MD5
Le 20/06/2019 ? 12:25, @lbutlr via dovecot a ?crit?: > On 20 Jun 2019, at 04:14, Jorge Bastos via dovecot <dovecot at dovecot.org> wrote: >> I don't desagree with your vision, but if the use of CRAM-XXXX has to use >> plaint text password's on the server there's a dark side, or there's a >> CRAM-XXX that can use encrypted on server side? There's