At 15:36 11-12-2009, Shane Chrisp wrote:
Ro Achterberg wrote:
I'm currently fine-tuning my qmail + vpopmail + Dovecot + MySQL
installation and I believe I've run into a problem. Dovecot is
servicing both IMAP and POP3, using MySQL as the authentication
middle-man. It seems however that vpopmail is storing its passwords
as MD5-CRYPT in the MySQL tables, while I want Dovecot to use
CRAM-MD5. This seems to be the most used authentication scheme by
far, and I'd like to avoid using PLAIN or LOGIN authentications as
they're not up to my security standards.
When I try setting default_pass_scheme = CRAM-MD5 in
dovecot-sql.conf, Dovecot's auth worker complains with the following line:
Dec 11 12:31:52 onion dovecot: auth-worker(default):
sql(r...@greyhat.nl,127.0.0.1): Password in passdb is not in expected
Which makes sense, because the passwords are stored as MD5-CRYPT by
vpopmail. I assume that my setup is not unique in its kind, which
makes me wonder what I'm doing wrong here! Any insights on how to
make this work using CRAM-MD5 passwords throughout the whole system
would be greatly appreciated.
You will need to enable plain text passwords in the database to be
able to use cram-md5.
In dovecot-sql.conf, I tried setting default_pass_scheme to both
PLAIN and PLAIN-MD5, but none of which seemed to work. I'm probably
missing the point.
Did you perhaps mean to have vpopmail store the user passwords in
plain text? I'm just checking, because to me it seems to lower
security and it seems to defeat the purpose of working with hashed
passwords. Could you please confirm this?