Startseite » Forum » LiveConfig Forums (english) » Bugs and troubleshooting » Dovecot authentication with existing MD5 hash fails.
Ergebnis 1 bis 6 von 6
  1. #1
    Erfahrener Benutzer
    Registriert seit
    09.07.2012
    Ort
    Spanien
    Beiträge
    280

    Dovecot authentication with existing MD5 hash fails.

    It seems that existing mailbox MD5 ends up nicely in /etc/dovecot/passwd. Problem is that authentication fails. It just seems that dovecot refuses to authenticate with that scheme, so I tried to add plain-md5 to the configuration, but it does not recognise it either:

    dovecot: auth: Fatal: Unknown authentication mechanism 'plain-md5'

    Could this be a distribution issue? May be the Ubuntu version does not support it any more?

  2. #2
    Erfahrener Benutzer
    Registriert seit
    09.07.2012
    Ort
    Spanien
    Beiträge
    280
    I found the solution. With pre-existing $1$ type of hashes, the presently used label {MD5-CRYPT}, that is put there by LC's SOAP API, is not correct. The right label to use here is {CRYPT}. I just tried changing the MD5-CRYPT to CRYPT and then it would authenticate correctly. Please correct this bug!

  3. #3
    Erfahrener Benutzer
    Registriert seit
    09.07.2012
    Ort
    Spanien
    Beiträge
    280
    An update. All good for the Dovecot (pop3) side of things. Now the Postfix side. There it still fails and the log tells me:


    Code:
    postfix/smtpd[12000]: warning: server[ip]: SASL CRAM-MD5 authentication failed:
    Apparently it still is considering it a CRAM-MD5 hash. How do you make Postfix respect the same {CRYPT} label?

  4. #4
    Erfahrener Benutzer
    Registriert seit
    09.07.2012
    Ort
    Spanien
    Beiträge
    280
    The problem with sending mail had to do with SASL, which apparently it does not support encrypted passwords. So changing in /etc/dovecot/passwd {MD5-CRYPT}$1$ to {CRYPT}$1$ is still correct. What I needed to change was the the email client SMTP setting from encrypted to normal password and then it would sent correctly.

  5. #5
    Erfahrener Benutzer
    Registriert seit
    09.07.2012
    Ort
    Spanien
    Beiträge
    280

    I felt now free to change this in /usr/lib/liveconfig/lua/dovecot.lua:
    if string.len(data.password) == 34 and string.match(data.password, "^$1$%w%w%w%w%w%w%w%w$[%w./]+$") then
    -- CRYPT password (propably imported via SOAP interface)
    pwd = data.password
    algo = "CRYPT"
    else

  6. #6
    Erfahrener Benutzer
    Registriert seit
    09.07.2012
    Ort
    Spanien
    Beiträge
    280
    I noticed another error. Sometimes the CRYPT hash is not recognised as such and there must be something wrong in string.match pattern. For now I changed it to:

    string.match(data.password, "^$1$[%w./]+$[%w./]+$")
    .. which seems be a better match for the hashes I've seen.

Lesezeichen

Berechtigungen

  • Neue Themen erstellen: Nein
  • Themen beantworten: Nein
  • Anhänge hochladen: Nein
  • Beiträge bearbeiten: Nein
  •