On 24/01/2012 22:06, Ed W wrote:
Hi, I have a current auth database using mysql with a "password"
column in plain text. The config has "default_pass_scheme = PLAIN"
specified
In preparation for a more adaptable system I changed a password entry
from "asdf" to "{PLAIN}asdf", but now auth fails. Works fine if I
change it back to just "asdf". (I don't believe it's a caching problem)
What might I be missing? I was under the impression that the password
column can include a {scheme} prefix to indicate the password scheme
(presumably this also means a password cannot start with a "{"?). Is
this still true when using mysql and default_pass_scheme ?
Hmm, so I try:
# doveadm pw -p asdf -s sha256
{SHA256}8OTC92xYkW7CWPJGhRvqCR0U1CR6L8PhhpRGGxgW4Ts=
I enter this hash into my database column, then enabling debug logging I
see this in the logs:
Jan 24 22:40:44 mail1 dovecot: auth: Debug:
cache(d...@mailasail.com,1.2.24.129): SHA256({PLAIN}asdf) !=
'8OTC92xYkW7CWPJGhRvqCR0U1CR6L8PhhpRGGxgW4Ts='
Jan 24 22:40:44 mail1 dovecot: auth-worker: Debug:
sql(d...@blah.com,1.2.24.129): query: SELECT NULLIF(mail_host,
'1.2.24.129') as proxy, NULLIF(mail_host, '1.2.24.129') as host, email
as user, password, password as pass, home userdb_home, concat(home, '/',
maildir) as userdb_mail, 200 as userdb_uid, 200 as userdb_gid FROM users
WHERE email =
if('blah.com'<>'','d...@blah.com','d...@blah.com@mailasail.com') and
flag_active=1
Jan 24 22:40:44 mail1 dovecot: auth-worker:
sql(d...@blah.com,1.2.24.129): Password mismatch (given password:
{PLAIN}asdf)
Jan 24 22:40:44 mail1 dovecot: auth-worker: Error:
md5_verify(d...@mailasail.com): Not a valid MD5-CRYPT or PLAIN-MD5 password
Jan 24 22:40:44 mail1 dovecot: auth-worker: Error:
ssha256_verify(d...@mailasail.com): SSHA256 password too short
Jan 24 22:40:44 mail1 dovecot: auth-worker: Error:
ssha512_verify(d...@mailasail.com): SSHA512 password too short
Jan 24 22:40:44 mail1 dovecot: auth-worker: Warning: Invalid OTP data in
passdb
Jan 24 22:40:44 mail1 dovecot: auth-worker: Warning: Invalid OTP data in
passdb
Jan 24 22:40:44 mail1 dovecot: auth-worker: Debug:
sql(d...@blah.com,1.2.24.129): SHA256({PLAIN}asdf) !=
'8OTC92xYkW7CWPJGhRvqCR0U1CR6L8PhhpRGGxgW4Ts='
Forgot to say. this is with dovecot 2.0.17
Thanks for any pointers
Ed W