similar to: LDAP, MD5-CRYPT, invalid credentials, BUG or config issue?

On 12/5/14, ML mail <mlnospam at yahoo.com> wrote: > Hello, > > I am wondering which variant is more secure for user authentication and > password scheme. Basically I am looking at both variants: > > 1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism > 2) SHA512-CRYPT password scheme storage with PLAIN auth mechanism > > In my opinion the option 2)

Am 06.12.2014 um 06:56 schrieb Jan Wide?: > If you add disable_plaintext_auth=yes ssl=required settings, then > dovecot will drop authentication without STARTTLS. But damage will be > done, client will send unencrypted (or in this scenario MD5 or SHA512 > hash) login/password no, damage will *not* be done STARTTLS happens in context of connect and *log before* any authentication is

Am 6. Dezember 2014 13:10:58 MEZ, schrieb Reindl Harald <h.reindl at thelounge.net>: > >Am 06.12.2014 um 06:56 schrieb Jan Wide?: >> If you add disable_plaintext_auth=yes ssl=required settings, then >> dovecot will drop authentication without STARTTLS. But damage will be >> done, client will send unencrypted (or in this scenario MD5 or SHA512 >> hash)

Hello, I am wondering which variant is more secure for user authentication and password scheme. Basically I am looking at both variants: 1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism 2) SHA512-CRYPT password scheme storage with PLAIN auth mechanism In my opinion the option 2) should be safer although it is using PLAIN auth mechanism. Of course I would always use STARTTLS and

On 12/06/2014 02:35 AM, Nick Edwards wrote: > On 12/5/14, ML mail <mlnospam at yahoo.com> wrote: >> Hello, >> >> I am wondering which variant is more secure for user authentication and >> password scheme. Basically I am looking at both variants: >> >> 1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism >> 2) SHA512-CRYPT password

After upgrading my dovecot installation about a month ago, I have started seeing "Requested CRAM-MD5 scheme, but we have only MD5-CRYPT" message from dovecot in my logs. Any help in finding and correcting the cause will be greatly appreciated. --Richard

'afternoon list! I use mysql as userdb, which contains two type of password schemes: DES and MD5-CRYPT. I read there : http://wiki.dovecot.org/Authentication/PasswordSchemes that both are supported by dovecot. Unfortunately, dovecot keeps saying: Not a valid MD5-CRYPT or PLAIN-MD5 password when looking for a user with DES encrypted password. Is dovecot able to recognize password

Hi friends, I am migrating imap-courier to dovecot, I use openbsd+postfix+imap-courier, and now I'm trying to run openbsd+opensmtpd+dovecot. In the beginning it was a little traumante but it works OpenSMTPD correctly. Now I have configured dovecot, and I hope that your backend authorization is the same database that was used imap-courier. In /var/log/maillog receipt the following error

When using CRYPT to encrypt the password, you must put the following in dovecot-sql.conf.ext default_pass_scheme = CRYPT I hope this can help more people, in addition to leave you as I did my query: password_query = \ SELECT password \ FROM users WHERE login = '%u -- editor de sue?os

Here's a strange one. I have Dovecot set up on Solaris 9. The auth portion of the config is straight out of the box. Using PAM. We have most users in a dbm file which is just a series of key/value pairs: key is a username, and value is a string equivalent to a shadow entry. nsswitch.conf entry: passwd files dbm. For historical reasons, some users have a classic 13-character Unix crypt

I'm getting a lot of entries like this in my log: Apr 16 10:10:18 postamt dovecot: auth(default): shadow(doxxxris,141.42.206.38): CRYPT(wrongpassword) != '$1$qSe71xxx$09MoMqNyll.wPLCdSaFuA0', try MD5-CRYPT scheme instead It seems that changing the password via SquirrelMail (poppasswd) breaks the authentication scheme somewhat. Users cannot log in anymore. -- Ralf Hildebrandt

First of all, hello to the list. I'm currently migrating from a /etc/passwd and /etc/shadow based configuration to a MySQL based one using dovecot 99.14 on debian sarge. The problem is that the /etc/shadow containes both DES encoded (Crypt) and md5 based passwords. I've set the default system to be Crypt, and have added {MD5-CRYPT} in front of the md5 passwords in place of the $1$

Problem: Using MySQL storage for the user and password db with MD5-CRYPT hashes, Dovecot fails to successfully authenticate when the MD5-CRYPT or MD5 settings are specified as default_pass_scheme in dovecot-mysql.conf. Dovecot /does/ successfully authenticate against MD5-CRYPT hashes when default_pass_scheme is set to CRYPT, which according to the docs should be DES encryption. (I do not

Hi all, I am running Dovecot v1.1.7 in a relatively quiet and calm environment. Suddenly overnight cron job started throwing out errors like: /usr/sbin/dovecot --exec-mail ext /usr/lib/dovecot/expire-tool Error: userdb(user1 at mail.example) didn't return a home directory Error: userdb(user2 at mail.example) didn't return a home directory Indeed, running this command produces:

Hi all, I am running Dovecot v1.1.7 in a relatively quiet and calm environment. Suddenly overnight cron job has started throwing out errors like: /usr/sbin/dovecot --exec-mail ext /usr/lib/dovecot/expire-tool Error: userdb(user1 at mail.example) didn't return a home directory Error: userdb(user2 at mail.example) didn't return a home directory Indeed, running this command produces:

The problem is the file glob on line 344 in convert_subscriptions() # read updates from the directory my %updates; foreach (<$keyword_dir/*>) { This isn't going to pick up any files beginning with a dot, so most of the update files in the courierimapkeywords directory are going to be skipped.

http://dovecot.org/releases/1.1/dovecot-1.1.7.tar.gz http://dovecot.org/releases/1.1/dovecot-1.1.7.tar.gz.sig I should have released this earlier since v1.1.6 had that annoying startup problem, but surprisingly few people complained about it so I kind of forgot about it then. BTW. v1.2 progresses nicely. Now that shared mailboxes are finally fully supported, there aren't any widely used IMAP

http://dovecot.org/releases/1.1/dovecot-1.1.7.tar.gz http://dovecot.org/releases/1.1/dovecot-1.1.7.tar.gz.sig I should have released this earlier since v1.1.6 had that annoying startup problem, but surprisingly few people complained about it so I kind of forgot about it then. BTW. v1.2 progresses nicely. Now that shared mailboxes are finally fully supported, there aren't any widely used IMAP

dovecot-request at dovecot.org demis ki:: > Send dovecot mailing list submissions to > dovecot at dovecot.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://dovecot.org/cgi-bin/mailman/listinfo/dovecot > or, via email, send a message with subject or body 'help' to > dovecot-request at dovecot.org > > You can reach the person managing

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 6 March 2019 18:16 Kristijan Savic - ratiokontakt GmbH via dovecot < <a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote: