Re: HELP: wrinting dovecot-sql.conf to authenticate to an existing database

Steffen Kaiser Tue, 07 Jul 2015 22:42:52 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 7 Jul 2015, Filippo Zeus wrote:

I have a database "egroupware" with table "egw_accounts". The field "account_lid" is the 
full email address and "account_pwd" is the password in Blowfish format.

Here is my dovecot-sql.conf

driver = mysql
connect = host=localhost dbname=egroupware user=egroupware password=*********
default_pass_scheme = BLF-CRYPT
password_query = SELECT account_pwd AS password FROM egw_accounts WHERE 
account_lid = '%u'

Error: sql([email protected],::1): Invalid password in passdb: crypt() 
failed: Invalid argument
auth: Debug: client passdb out: FAIL#0111#[email protected]
dovecot: pop3-login: Debug: Ignoring unknown passdb extra field:

I think I'm having trouble with the password value that is stored in the 
account_pwd as:

{crypt}$2a$12$XTAolzXgwMC211MuZELQUedPv9tjZNs7Osh97PnZ50pAKuk3WPGmS

Reading at http://wiki2.dovecot.org/Authentication/PasswordSchemes

I suppose that the heading "{crypt}$2a$" instead of a simple "$2a$" (witch 
identifies a Blowfish password) is my problem.


Hmm, did you tried simple string replacement?

password_query = SELECT replace(account_pwd, '{crypt}', '{BLF-CRYPT}') ASpassword FROM egw_accounts WHERE account_lid = '%u'


Also, did you've read:

http://wiki2.dovecot.org/Authentication/PasswordSchemes

"BLF-CRYPT: This is the Blowfish crypt (bcrypt) scheme. It is generallyconsidered to be very secure. The encrypted password will start with $2a$(Note: bcrypt is not available on most Linux distributions)"


Did you've tried:

doveadm pw -s BLF-CRYPT

to verify if your system supports Blowfish at all?

- --Steffen Kaiser

Re: HELP: wrinting dovecot-sql.conf to authenticate to an existing database

Reply via email to