On 10.01.2013 12:44, Thomas Pries wrote:
> Hi, > > I am currently setting up a Mailserver and decided to use Dovecot as > IMAP/POP3-Server. I read the wiki an thought about how to transmit and > store the passwords (I want to use a MySQL-database). > > I want to use encrypted transmission and encrypted storage. The wiki says: > > "If you want to use only one non-plaintext mechanism, you can store the > passwords using the mechanism's own password scheme. " > > Ok, one secure mechanism is acceptable in my scenario and the wiki gives > a list of supported authentication mechanisms and a list of supported > password schemes. > > But I am missing the relation between the two lists, which mechanism > expects which storage scheme? > > Did I overlooked any easy answer (other then "read the RFCs"). > > Best Regards > Thomas Hi Thomas, its quite simple. If you store the passwords in database in plain text then your server can use any authentication algorithm available. however if you store encrypted/hashed passwords, then the only two available authentication algorithms is: plain as the dovecot needs to properly encode the password Regards, M