similar to: Automatic DB password hash scheme selection

On 08.09.2017 06:16, Kurt Fitzner wrote: > > > Hi all, > > Is there a way to get dovecot to recognize arbitrary password hash > schemes when looking up a password in a database? I originally set up > with #default_pass_scheme = MD5, and I would like to migrate to SHA512. > > Seeing as the scheme is actually stored in the password column along > with the password

The wiki[1] says: If all the passwords are in same format, you can use default_pass_scheme to specify it. Otherwise each password needs to be prefixed with "{password-scheme}", for example "{plain}plaintext-password". Why doesn't dovecot recognize the crypt scheme identifier ($1$ for MD5-CRYPT, $6$ for SHA512-CRYPT etc.)? At the moment I have to have the following in my db

Hello, There is a disconnect between the way Postfix handles recipient_delimiter and the way Dovecot handles it. For Postfix, it is a set of delimiters that can each individually be used to separate the address from the . In Dovecot, having multiple characters in recipient_delimiters simply makes it a multi-character single delimiter. For my purposes, the Postfix method is much more

An HTML attachment was scrubbed... URL: <http://dovecot.org/pipermail/dovecot/attachments/20040415/6df3374c/attachment-0002.html> -------------- next part -------------- Hi, This is from your documentation Creating new users ------------------ Dovecot is interested in only one thing - being able to find the user's mail directory. With maildir you need to do mkdir ~user/Maildir, with mbox

Hi, I'm new to dovecott. Using version 1.0.rc15. I have a mail server that has both the old style unix mbox in /var/mail/%u, and virtual mail maildir in /var/vmail/%d/%n. Debian Linux Etch stable. I'm trying to get dovecot to deliver to /var/mail/%u using mbox format, and to deliver to /var/vmail/%d/%n using maildir format. I can't get it do work. I can get it to access both

I am interested in configuring Dovecot's TLS so as to retain forward secrecy, but eliminate all of NIST's elliptic curves. Besides being subject to side channel attacks [1], in some quarters there is a general distrust of NIST's curves and any of their other cryptographic primitives after the Dual EC DRBG debacle. >From what I can tell, the following will prevent the use of

Hello, On Sun, Sep 22, 2024 at 10:15?AM Kurt Fitzner via openssh-unix-dev <openssh-unix-dev at mindrot.org> wrote: > > I would like to advocate for: > > - Change behaviour of the server to allow server operators to set the > minimum modulus group size allowable for a connection using > diffie-hellman-group-exchange-sha256 > Whether this is by having the server refuse

Hello all, I have recently had cause to dig a little into the specifics of how diffie-hellman-group-exchange-sha256 group sizes work. The belief in the wild, perpetuated by multiple sources of logjam mediation papers and also Andras Stribnik's very influential piece "Secure Secure Shell", is that server operators can force the use of a minimum group size by removing moduli

I've been running dovecott without trouble for quite a why and now when I added a new user, it is not accepting the user and I can not track the problem. It says find more information in the server log, but it is not in /var/log/messages or /var/log/mail.err and nothing with lsof dovecot|grep log show anything to tail www:~ # dovecot -n # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux

It's quite likely I'm doing it wrong, but... Given a valid mailbox... doveadm mailbox list -u <username> realmb returns "realmb" doveadm mailbox list -u <username> real* returns "realmb" Seems reasonable. Now, with a non-existent mailbox... doveadm mailbox list -u <username> bogus returns "bogus" doveadm mailbox list -u

I have a raid5 array on my web server for which I am currently considering a move to ext3. I want to use an external journal to improve performance. Since the external journal would reside on a drive that is not participating in the raid array, I'm wondering what the behavior of an ext3 filesystem is should the device an external journal is on should fail. If it reverts to ext2

Hi all, I would like to know how often a writes happen on ext3 fs. Is there any way to find this out? Thanks Rahul

I am having a terrible time getting an iPhone to connect to my stream. I am trying to connect through just a normal web browser (Safari) to my icecast 2.4.4 server. When I connect to the web page, the iphone doesn't see the <audio> tag on the stream. I think safari doesn't recognize application/ogg as a mime type, which is what icecast 2.4.4's web server puts on it. When I

Hi all, I am running samba-server-3.0.6-4.1.100mdk, openldap-servers-2.1.25-6mdk, lib64sasl2-plug-digestmd5-2.1.15-10.1.100mdk. I have searched through the lists and I am wondering if I am the only one doing this kind of set-up.. Anyway question is as follows: In my ldap server I have normal posix accounts with plain text password that are sorted out by a sasl-regex in the slapd.conf and

My opinion is that security by RFC is not security, it's mommy medicine. Standards have had a terrible time keeping up with security realities. NITS's curves leak side channel information all over the place. I don't have details on what implementations are set to calculate the NIST curves in constant time, and that's not an easy feat to do anyway so I don't want to depend

I''m about to implement this, and I''m thinking of storing the user''s id and their hashed password in the cookie after a successful authentication. can any see an obvious security issue with this? I know the method is vulnerable to cookie theft but am i missing anything? thanks alan

Hi, I want to add a new password hashing scheme as plugin and provide it for the dovecot project, so that it will be included as optional plugin in future releases. Yet the plugin compiles fine and the .so file gets created. My approach is to call the functions password_scheme_register() and password_scheme_unregister() (src/auth/password-scheme.c) inside the plugin's _init() and _deinit()

Hey everyone, I'm running Samba on Slackware 10.2. As near as I can tell based on looking at the glibc source, my options for Unix passwords (in /etc/passwd, or LDAP -- same options) are these: 1. crypt() with plain old, busted traditional hashing. 2. crypt() with MD5 hashing, via $1$saltsalt$hashhashhashhash format; the crypt() function the special format and automatically uses

> On August 1, 2016 at 4:38 PM aki.tuomi at dovecot.fi wrote: > > > > > On August 1, 2016 at 3:45 PM Andreas Meyer <luckyfellow42 at gmail.com> wrote: > > > > > > 2016-07-31 16:39 GMT+02:00 <aki.tuomi at dovecot.fi>: > > > > > > > > > On July 27, 2016 at 2:08 AM Andreas Meyer <luckyfellow42 at gmail.com> >

2016-07-31 16:39 GMT+02:00 <aki.tuomi at dovecot.fi>: > > > On July 27, 2016 at 2:08 AM Andreas Meyer <luckyfellow42 at gmail.com> > wrote: > > > > > > Hi, > > > > > > I want to add a new password hashing scheme as plugin and provide it for > > the dovecot project, so that it will be included as optional plugin in > > future