Re: Password storage
Rupert Gallagher via dovecot skrev den 2024-05-06 09:42:
What is dovecot's state of the art on password storage? Can we use
bcrypt instead of plain text?
yes if argon2 is compiled in dovecot
[I] net-mail/dovecot
Available versions: 2.3.20-r1{tbz2} ~2.3.20-r2(0/2.3.20)
~2.3.20-r3(0/2.3.20) ~2.3.21(0/2.3.21) ~2.3.21-r1(0/2.3.21) {argon2 caps
doc kerberos ldap lua lucene lz4 managesieve mysql pam postgres rpc
selinux sieve solr sqlite static-libs stemmer suid systemd tcpd textcat
unwind zstd LUA_SINGLE_TARGET="lua5-1 lua5-3"}
Installed versions: 2.3.20-r1{tbz2}(00:57:56 04/29/24)(caps lua
managesieve pam postgres sieve -argon2 -doc -kerberos -ldap -lucene -lz4
-mysql -rpc -selinux -solr -sqlite -static-libs -stemmer -suid -systemd
-tcpd -textcat -unwind -zstd LUA_SINGLE_TARGET="lua5-1 -lua5-3")
Homepage:https://www.dovecot.org/
Description: An IMAP and POP3 server written with security
primarily in mind
is what i have in gentoo
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
Re: Password storage
On 06/05/2024 10:42 EEST Rupert Gallagher via dovecot wrote: What is dovecot's state of the art on password storage? Can we use bcrypt instead of plain text? ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org Please have a look at the documentation about possible schemes: https://doc.dovecot.org/configuration_manual/authentication/password_schemes/ Aki ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Password storage
What is dovecot's state of the art on password storage? Can we use bcrypt instead of plain text? ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
[Dovecot] CRAM-MD5 authentication but plain-md5 password storage.
Hi all,
Got a question on configuring dovecot, I'm still new at this so I
might be doing this all wrong.
I want dovecot to authenticate the mail client using CRAM-MD5 so I've
setup the config in dovecot.conf:
auth default {
mechanisms = cram-md5
passdb sql {
# Path for SQL configuration file, see doc/dovecot-sql-example.conf
args = /etc/dovecot/dovecot-sql.conf
}
snipped
}
In my dovecot-sql.conf I've setup the password scheme to be:
default_pass_scheme = MD5
Somehow this does not work, the error I see in the logfile is:
auth-worker(default): password(i...@richard5.tld,127.0.0.1): Requested
CRAM-MD5 scheme, but we have only MD5
Is there a way to get this working or does this feature only works
with passwords stored in plain text ?
Thanks!
Richard
Re: [Dovecot] CRAM-MD5 authentication but plain-md5 password storage.
On 06/22/2009 08:26 PM Richard wrote:
Hi all,
Got a question on configuring dovecot, I'm still new at this so I
might be doing this all wrong.
I want dovecot to authenticate the mail client using CRAM-MD5 so I've
setup the config in dovecot.conf:
auth default {
mechanisms = cram-md5
passdb sql {
# Path for SQL configuration file, see doc/dovecot-sql-example.conf
args = /etc/dovecot/dovecot-sql.conf
}
snipped
}
In my dovecot-sql.conf I've setup the password scheme to be:
default_pass_scheme = MD5
Somehow this does not work, the error I see in the logfile is:
auth-worker(default): password(i...@richard5.tld,127.0.0.1): Requested
CRAM-MD5 scheme, but we have only MD5
Is there a way to get this working or does this feature only works
with passwords stored in plain text ?
Either use plain text, but this is NOT recommended, or dovecotpw:
/path/to/dovecotpw -p plaintexpassword
{CRAM-MD5}aba976aa6a7f048a82db01301075725bf42c6ad98f01a2747a853e0f479e25f8
Or w/o -p password, for the interactive mode.
Regards,
Pascal
--
The trapper recommends today: c01dcofe.0917...@localdomain.org
Re: [Dovecot] CRAM-MD5 authentication but plain-md5 password storage.
On Mon, Jun 22, 2009 at 8:38 PM, Pascal
Volkuser+dove...@localhost.localdomain.org wrote:
Either use plain text, but this is NOT recommended, or dovecotpw:
/path/to/dovecotpw -p plaintexpassword
{CRAM-MD5}aba976aa6a7f048a82db01301075725bf42c6ad98f01a2747a853e0f479e25f8
Or w/o -p password, for the interactive mode.
Regards,
Pascal
Pascal, thanks for the quick reply. I'm using postfixadmin for user
administration so I guess plaintext passwords is the current solution.
Excuse my newbie question but I want to try and understand this. What
is the reason to have to use plaintext passwords for this kind of
authentication?
Regards,
Richard
Re: [Dovecot] CRAM-MD5 authentication but plain-md5 password storage.
On 06/22/2009 08:49 PM Richard wrote: Pascal, thanks for the quick reply. I'm using postfixadmin for user administration so I guess plaintext passwords is the current solution. Excuse my newbie question but I want to try and understand this. What is the reason to have to use plaintext passwords for this kind of authentication? When storing passwords in plain text, Dovecot could generate the hashes 'on the fly' (when a user logs in and want to use for example CRAM-MD5, instead of PLAIN or LOGIN). But a user can also use the PLAIN or LOGIN mechanism even when the password is stored as CRAM-MD5 hash. BUT: A user cannot login using DIGEST-MD5 if the password is stored as CRAM-MD5 hash. In this case the password should be stored as DIGEST-MD5 hash (or as plain text (not recommended!)) Further information is available at: http://wiki.dovecot.org/Authentication/Mechanisms Regards; Pascal -- The trapper recommends today: c01dcofe.0917...@localdomain.org
