At 15:36 11-12-2009, Shane Chrisp wrote:
Ro Achterberg wrote:
Hi all,

I'm currently fine-tuning my qmail + vpopmail + Dovecot + MySQL installation and I believe I've run into a problem. Dovecot is servicing both IMAP and POP3, using MySQL as the authentication middle-man. It seems however that vpopmail is storing its passwords as MD5-CRYPT in the MySQL tables, while I want Dovecot to use CRAM-MD5. This seems to be the most used authentication scheme by far, and I'd like to avoid using PLAIN or LOGIN authentications as they're not up to my security standards.

When I try setting default_pass_scheme = CRAM-MD5 in dovecot-sql.conf, Dovecot's auth worker complains with the following line:

Dec 11 12:31:52 onion dovecot: auth-worker(default): sql(, Password in passdb is not in expected scheme CRAM-MD5

Which makes sense, because the passwords are stored as MD5-CRYPT by vpopmail. I assume that my setup is not unique in its kind, which makes me wonder what I'm doing wrong here! Any insights on how to make this work using CRAM-MD5 passwords throughout the whole system would be greatly appreciated.

Bye, Ro

You will need to enable plain text passwords in the database to be able to use cram-md5.

In dovecot-sql.conf, I tried setting default_pass_scheme to both PLAIN and PLAIN-MD5, but none of which seemed to work. I'm probably missing the point.

Did you perhaps mean to have vpopmail store the user passwords in plain text? I'm just checking, because to me it seems to lower security and it seems to defeat the purpose of working with hashed passwords. Could you please confirm this?

Bye, Ro


Reply via email to