On Thu, 20 Dec 2018 at 15:54, Aki Tuomi <aki.tu...@open-xchange.com> wrote:
> > On 20 December 2018 at 14:33 Odhiambo Washington < odhia...@gmail.com> > wrote: > > > On Thu, 20 Dec 2018 at 15:23, Aki Tuomi < aki.tu...@open-xchange.com> > wrote: > > > > > On 20 December 2018 at 14:10 Odhiambo Washington < odhia...@gmail.com> > wrote: > > > > > You've made this more difficult to understand, even :-) > > So the answer is: > Set the following in 10-auth.conf > > 1. disable_plaintext_auth = no > 2. auth_mechanisms = plain > > And yes, the encrypted passwords are stored in MySQL. > > > > > You cannot use hashed passwords with digest-md5 mechanism. > > Aki > > > So, for the record, whenever passwords are hashed, digest-md5 should be > disabled/removed from auth_mechanisms. > > My question though - for purposes of understanding - how does dovecot take > the sent password from a client and match it against the hashed one stored > in the DB (in my case)? What happens in between the process? > > -- > Best regards, > Odhiambo WASHINGTON, > Nairobi,KE > +254 7 3200 0004/+254 7 2274 3223 > "Oh, the cruft.", grep ^[^#] :-) > > > Dovecot hashes the client sent password using the same salt and compares > the result. > --- > Aki Tuomi > At the expense of sounding stupid, could you please expound on the sequence? :) -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", grep ^[^#] :-)