On 8/7/2010 11:38 PM, Gary V wrote:
On 8/7/10, Jerrale G wrote:
/etc/dovecot.conf:

auth default {
mechanisms=plain login cram-md5
        passdb {
#..............

Windows Live Mail:
CRAM-MD5 authentication failed. This could be due to a lack of memory on
your system.
Your IMAP command could not be sent to the server, due to non-network
errors. This could, for example, indicate a lack of memory on your system.

Configuration:
   Account: Sheltoncomputers (testuser)
   Server: mail.sheltoncomputers.com
   User name: [email protected]
   Protocol: IMAP
   Port: 993
   Secure(SSL): 1
   Code: 800cccdf

The console I'm using is 4 GB ram; so, this dumb error of windoze dead mail
is irrelevant. The other mechanisms of TLS/no tls plain login work fine. The
passwords are stored in mysql as md5(password) but this works on others not
using cram-md5 (secure login of the client). I'm trying to support a
plethora of mechanisms for the convenience of the customer and .

Jerrale G.
Senior Admin

I'm no expert, but if I'm not mistaken, cram-md5 requires a plain text
shared secret. I quote from
http://www.sendmail.org/~ca/email/cyrus2/components.html:

"Shared Secret Mechanisms - For these mechanisms, such as CRAM-MD5,
DIGEST-MD5, and SRP, there is a shared secret between the server and
client (e.g. a password). However, in this case the password itself
does not travel on the wire. Instead, the client passes a server a
token that proves that it knows the secret (without actually sending
the secret across the wire). For these mechanisms, the server
generally needs a plaintext equivalent of the secret to be in local
storage (not true for SRP)."

The auth default section of my dovecot.conf looks like:

auth default {
   mechanisms = plain login cram-md5
   passdb sql {
     args = /etc/dovecot/dovecot-sql.conf
   }
   passdb sql {
     args = /etc/dovecot/dovecot-crammd5.conf
   }
   userdb sql {
     args = /etc/dovecot/dovecot-sql.conf
   }
   user = root
   socket listen {
     master {
       path = /var/run/dovecot/auth-master
       mode = 0600
       user = vmail
     }
     client {
       path = /var/spool/postfix/private/auth
       mode = 0660
       user = postfix
       group = postfix
     }
   }
}


With an /etc/dovecot/dovecot-crammd5.conf that might look something like this:

driver = mysql
connect = host=127.0.0.1 dbname=postfix user=postfix password=password
default_pass_scheme = PLAIN
password_query = SELECT clear AS password FROM mailbox WHERE username = '%u' AND active = '1'

With an added field to store a plain text password (I called it "clear").

I guess I was just wondering how I had the md5 in mysql working, and I'm aware of the salt sometimes required for md5 but only digest-md5. I realized I had guessed correctly on initial setup to have, in mysql.conf, default_pass_scheme = MD5; I incorrectly thought cram-md5 had to be one of the auth default mechanisms to read md5 from mysql correctly.

I guess I need to create a new "auth crammd5 {}" and set up mysql to have the current password field be a function of the new clear field, automatically creating the md5 from the clear password field. I will use default_password_scheme=CLEAR, fetch from the clear, and set up dovecot.conf auth crammd5 with the settings you suggested.

Thanks,

J. G.
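
The CRAM-MD5 exchange discussed in this thread, as an added example that is not part of the original messages or of Dovecot's code: it shows why a passdb row holding only md5(password) cannot verify a client's response while the plain text "clear" field can. The column names follow the query quoted above; the user, password, nonce and host are constructed sample values.

```python
import base64
import hashlib
import hmac

def make_challenge(nonce: str, host: str) -> bytes:
    """Server step 1: msg-id style challenge (RFC 2195), base64 on the wire."""
    return base64.b64encode(f"<{nonce}@{host}>".encode())

def client_response(user: str, password: str, challenge_b64: bytes) -> bytes:
    """Client step: HMAC-MD5 keyed with the password over the decoded challenge."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())

def server_verify(stored_secret: str, challenge_b64: bytes, response_b64: bytes) -> bool:
    """Server step 2: recompute the HMAC keyed with whatever the passdb returned."""
    challenge = base64.b64decode(challenge_b64)
    _user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    expected = hmac.new(stored_secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

def demo() -> dict:
    # Constructed sample values, not taken from the thread.
    user, password = "testuser@example.test", "correct horse"
    row = {
        "clear": password,                                       # plain text field
        "password": hashlib.md5(password.encode()).hexdigest(),  # md5(password) field
    }
    challenge = make_challenge("1896.697170952", "mail.example.test")
    response = client_response(user, password, challenge)
    return {
        # Same key as the client used, so the HMACs match.
        "clear_column": server_verify(row["clear"], challenge, response),
        # The MD5 hex string is a different key, so the HMACs never match.
        "md5_column": server_verify(row["password"], challenge, response),
    }

if __name__ == "__main__":
    print(demo())
```

The password never crosses the wire, but the server side has to hold a password-equivalent secret, so the table carrying the "clear" field needs the same protection as the passwords themselves.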


