Displaying 20 results from an estimated 2000 matches similar to: "LDAP, MD5-CRYPT, invalid credentials, BUG or config issue?"
2014 Dec 06
0
MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN
On 12/5/14, ML mail <mlnospam at yahoo.com> wrote:
> Hello,
>
> I am wondering which variant is more secure for user authentication and
> password scheme. Basically I am looking at both variants:
>
> 1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism
> 2) SHA512-CRYPT password scheme storage with PLAIN auth mechanism
>
> In my opinion the option 2)
2014 Dec 06
0
MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN
Am 06.12.2014 um 06:56 schrieb Jan Wide?:
> If you add disable_plaintext_auth=yes ssl=required settings, then
> dovecot will drop authentication without STARTTLS. But damage will be
> done, client will send unencrypted (or in this scenario MD5 or SHA512
> hash) login/password
no, damage will *not* be done
STARTTLS happens in context of connect and *log before* any
authentication is
2014 Dec 06
1
MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN
Am 6. Dezember 2014 13:10:58 MEZ, schrieb Reindl Harald <h.reindl at thelounge.net>:
>
>Am 06.12.2014 um 06:56 schrieb Jan Wide?:
>> If you add disable_plaintext_auth=yes ssl=required settings, then
>> dovecot will drop authentication without STARTTLS. But damage will be
>> done, client will send unencrypted (or in this scenario MD5 or SHA512
>> hash)
2014 Dec 05
3
MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN
Hello,
I am wondering which variant is more secure for user authentication and password scheme. Basically I am looking at both variants:
1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism
2) SHA512-CRYPT password scheme storage with PLAIN auth mechanism
In my opinion the option 2) should be safer although it is using PLAIN auth mechanism. Of course I would always use STARTTLS and
2014 Dec 06
3
MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN
On 12/06/2014 02:35 AM, Nick Edwards wrote:
> On 12/5/14, ML mail <mlnospam at yahoo.com> wrote:
>> Hello,
>>
>> I am wondering which variant is more secure for user authentication and
>> password scheme. Basically I am looking at both variants:
>>
>> 1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism
>> 2) SHA512-CRYPT password
2008 Jun 01
2
Requested CRAM-MD5 scheme, but we have only MD5-CRYPT
After upgrading my dovecot installation about a month ago, I have started
seeing "Requested CRAM-MD5 scheme, but we have only MD5-CRYPT" message
from dovecot in my logs.
Any help in finding and correcting the cause will be greatly appreciated.
--Richard
2010 Jan 20
2
md5_verify(...): Not a valid MD5-CRYPT or PLAIN-MD5 password
'afternoon list!
I use mysql as userdb, which contains two type of
password schemes: DES and MD5-CRYPT.
I read there :
http://wiki.dovecot.org/Authentication/PasswordSchemes
that both are
supported by dovecot.
Unfortunately, dovecot keeps saying: Not a valid
MD5-CRYPT or PLAIN-MD5 password when looking for a user with DES encrypted
password.
Is dovecot able to recognize password
2015 Feb 11
0
Invalid password in passdb: Not a valid MD5-CRYPT or PLAIN-MD5 password
Hi friends,
I am migrating imap-courier to dovecot, I use openbsd+postfix+imap-courier,
and now I'm trying to run openbsd+opensmtpd+dovecot.
In the beginning it was a little traumante but it works OpenSMTPD correctly.
Now I have configured dovecot, and I hope that your backend
authorization is the
same database that was used imap-courier.
In /var/log/maillog receipt the following error
2015 Feb 12
0
Invalid password in passdb: Not a valid MD5-CRYPT or PLAIN-MD5 password
When using CRYPT to encrypt the password, you must put the following in
dovecot-sql.conf.ext
default_pass_scheme = CRYPT
I hope this can help more people, in addition to leave you as I did my
query:
password_query = \
SELECT password \
FROM users WHERE login = '%u
--
editor de sue?os
2006 Sep 23
1
PAM authentication problem: MD5 vs crypt
Here's a strange one. I have Dovecot set up on Solaris 9. The auth portion
of the config is straight out of the box. Using PAM. We have most users in
a dbm file which is just a series of key/value pairs: key is a username,
and value is a string equivalent to a shadow entry. nsswitch.conf entry:
passwd files dbm.
For historical reasons, some users have a classic 13-character Unix crypt
2010 Apr 16
2
"try MD5-CRYPT scheme instead"?
I'm getting a lot of entries like this in my log:
Apr 16 10:10:18 postamt dovecot: auth(default): shadow(doxxxris,141.42.206.38): CRYPT(wrongpassword) != '$1$qSe71xxx$09MoMqNyll.wPLCdSaFuA0', try MD5-CRYPT scheme instead
It seems that changing the password via SquirrelMail (poppasswd)
breaks the authentication scheme somewhat. Users cannot log in anymore.
--
Ralf Hildebrandt
2007 Feb 09
1
MD5-CRYPT passwords in a MySQL Database
First of all, hello to the list.
I'm currently migrating from a /etc/passwd and /etc/shadow based
configuration to a MySQL based one using dovecot 99.14 on debian sarge.
The problem is that the /etc/shadow containes both DES encoded (Crypt)
and md5 based passwords. I've set the default system to be Crypt, and
have added {MD5-CRYPT} in front of the md5 passwords in place of the $1$
2008 Dec 28
2
Bug in Dovecot 1.0.5 - CRYPT-MD5 not working
Problem:
Using MySQL storage for the user and password db with MD5-CRYPT hashes,
Dovecot fails to successfully authenticate when the MD5-CRYPT or MD5
settings are specified as default_pass_scheme in dovecot-mysql.conf.
Dovecot /does/ successfully authenticate against MD5-CRYPT hashes when
default_pass_scheme is set to CRYPT, which according to the docs should
be DES encryption. (I do not
2009 Jan 20
0
"userdb didn't return a home directory" with v1.1.7
Hi all,
I am running Dovecot v1.1.7 in a relatively quiet and calm environment.
Suddenly overnight cron job started throwing out errors like:
/usr/sbin/dovecot --exec-mail ext /usr/lib/dovecot/expire-tool
Error: userdb(user1 at mail.example) didn't return a home directory
Error: userdb(user2 at mail.example) didn't return a home directory
Indeed, running this command produces:
2009 Jan 20
2
userdb didn't return a home directory with v1.1.7
Hi all,
I am running Dovecot v1.1.7 in a relatively quiet and calm environment.
Suddenly overnight cron job has started throwing out errors like:
/usr/sbin/dovecot --exec-mail ext /usr/lib/dovecot/expire-tool
Error: userdb(user1 at mail.example) didn't return a home directory
Error: userdb(user2 at mail.example) didn't return a home directory
Indeed, running this command produces:
2008 Sep 19
2
Bug in keywords conversion with courier-dovecot-migrate.pl v1.1.7
The problem is the file glob on line 344 in convert_subscriptions()
# read updates from the directory
my %updates;
foreach (<$keyword_dir/*>) {
This isn't going to pick up any files beginning with a dot, so most of
the update files in the courierimapkeywords directory are going to be
skipped.
2008 Nov 23
6
v1.1.7 released
http://dovecot.org/releases/1.1/dovecot-1.1.7.tar.gz
http://dovecot.org/releases/1.1/dovecot-1.1.7.tar.gz.sig
I should have released this earlier since v1.1.6 had that annoying
startup problem, but surprisingly few people complained about it so I
kind of forgot about it then.
BTW. v1.2 progresses nicely. Now that shared mailboxes are finally fully
supported, there aren't any widely used IMAP
2008 Nov 23
6
v1.1.7 released
http://dovecot.org/releases/1.1/dovecot-1.1.7.tar.gz
http://dovecot.org/releases/1.1/dovecot-1.1.7.tar.gz.sig
I should have released this earlier since v1.1.6 had that annoying
startup problem, but surprisingly few people complained about it so I
kind of forgot about it then.
BTW. v1.2 progresses nicely. Now that shared mailboxes are finally fully
supported, there aren't any widely used IMAP
2008 Nov 23
1
dovecot Digest, Vol 67, Issue 60
dovecot-request at dovecot.org demis ki::
> Send dovecot mailing list submissions to
> dovecot at dovecot.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://dovecot.org/cgi-bin/mailman/listinfo/dovecot
> or, via email, send a message with subject or body 'help' to
> dovecot-request at dovecot.org
>
> You can reach the person managing
2019 Mar 06
0
Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
<br>
</div>
<blockquote type="cite">
<div>
On 6 March 2019 18:16 Kristijan Savic - ratiokontakt GmbH via dovecot <
<a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote: