Re: [Dovecot] Password auth scheme question with mysql

Tue, 24 Jan 2012 14:52:18 -0800 

On 24/01/2012 22:06, Ed W wrote:
Hi, I have a current auth database using mysql with a "password" column in plain text. The config has "default_pass_scheme = PLAIN" specified 


In preparation for a more adaptable system I changed a password entry 
from "asdf" to "{PLAIN}asdf", but now auth fails.  Works fine if I 
change it back to just "asdf". (I don't believe it's a caching problem)



What might I be missing?  I was under the impression that the password 
column can include a {scheme} prefix to indicate the password scheme 
(presumably this also means a password cannot start with a "{"?).  Is 
this still true when using mysql and default_pass_scheme ?


Hmm, so I try:

# doveadm pw -p asdf -s sha256
{SHA256}8OTC92xYkW7CWPJGhRvqCR0U1CR6L8PhhpRGGxgW4Ts=


I enter this hash into my database column, then enabling debug logging I 
see this in the logs:



Jan 24 22:40:44 mail1 dovecot: auth: Debug: 
cache(d...@mailasail.com,1.2.24.129): SHA256({PLAIN}asdf) != 
'8OTC92xYkW7CWPJGhRvqCR0U1CR6L8PhhpRGGxgW4Ts='
Jan 24 22:40:44 mail1 dovecot: auth-worker: Debug: 
sql(d...@blah.com,1.2.24.129): query: SELECT NULLIF(mail_host, 
'1.2.24.129') as proxy, NULLIF(mail_host, '1.2.24.129') as host, email 
as user, password, password as pass, home userdb_home, concat(home, '/', 
maildir) as userdb_mail, 200 as userdb_uid, 200 as userdb_gid FROM users 
WHERE email = 
if('blah.com'<>'','d...@blah.com','d...@blah.com@mailasail.com') and 
flag_active=1
Jan 24 22:40:44 mail1 dovecot: auth-worker: 
sql(d...@blah.com,1.2.24.129): Password mismatch (given password: 
{PLAIN}asdf)
Jan 24 22:40:44 mail1 dovecot: auth-worker: Error: 
md5_verify(d...@mailasail.com): Not a valid MD5-CRYPT or PLAIN-MD5 password
Jan 24 22:40:44 mail1 dovecot: auth-worker: Error: 
ssha256_verify(d...@mailasail.com): SSHA256 password too short
Jan 24 22:40:44 mail1 dovecot: auth-worker: Error: 
ssha512_verify(d...@mailasail.com): SSHA512 password too short
Jan 24 22:40:44 mail1 dovecot: auth-worker: Warning: Invalid OTP data in 
passdb
Jan 24 22:40:44 mail1 dovecot: auth-worker: Warning: Invalid OTP data in 
passdb
Jan 24 22:40:44 mail1 dovecot: auth-worker: Debug: 
sql(d...@blah.com,1.2.24.129): SHA256({PLAIN}asdf) != 
'8OTC92xYkW7CWPJGhRvqCR0U1CR6L8PhhpRGGxgW4Ts='



Forgot to say. this is with dovecot 2.0.17

Thanks for any pointers

Ed W






















					Reply via email to