Need help in understanding auth digest-md5 and realm

Fri, 27 Oct 2017 08:01:14 -0700 

Hello dovecot community,
I've setup dovecot and need a bit help in understanding the auth mechanism digest-md5 and realm 

in 10-auth.conf I got

auth_mechanisms = plain login digest-md5 cram-md5 apop
#auth_realms =
#auth_default_realm =

So i got empty realms.


Auth normally works fine and clients can auth with mechanism digest-md5 
and I see the following log entries:



dovecot: auth: Debug: 
sql(u...@temizbau.de,46.85.229.153,<klUjO3FcTy8uVeWZ>): Generating 
DIGEST-MD5 from user 'u...@temizbau.de', password 'xxxx'
dovecot: auth: Debug: 
sql(u...@gruene-wiesentheid.de,87.168.26.5,<ISVLQXFcT/xXqBoF>): 
Generating DIGEST-MD5 from user 'u...@gruene-wiesentheid.de@', password 
'xxxxxxxxxx'
dovecot: auth: Debug: 
sql(u...@vitaler-genuss.de,81.209.203.170,<tzxyT3FcT9RR0cuq>): 
Generating DIGEST-MD5 from user 'u...@vitaler-genuss.de', password 
'xxxxxxxxxxx'



But sometimes clients get a password mismatch and I the see the 
following log entries:



dovecot: auth: Debug: 
sql(u...@temizbau.de,80.187.103.15,<adzhAnVclmxQu2cP>): Generating 
DIGEST-MD5 from user 'u...@temizbau.de@mail.beckspaced.com', password 'xxxx'
dovecot: auth: Debug: 
sql(u...@thansadet.com,87.218.86.165,<LWItYHVc6r1X2lal>): Generating 
DIGEST-MD5 from user 'u...@thansadet.com@mail.beckspaced.com', password 
'xxxxxxxxxx'
dovecot: auth: Debug: 
sql(u...@plaa-thansadetresort.com,110.164.127.146,<aGhcvHBcStJupH+S>): 
Generating DIGEST-MD5 from user 
'u...@plaa-thansadetresort.com@imap.beckspaced.com', password 'xxxxxxxxxx'



when there's a password mismatch I see a different user string for 
generating the digest-md5 hash.
i suppose users use a different mail client and the mail client does 
things differently?


How can I fix this password mismatch thing?


Do i just need to set an auth_realms of some random string in the 
10-auth.conifig

Or does the auth_realms need to be a host name? Domain name of some sort?

For the moment I just removed the digest-md5 mechanism ...
Or could I just simply not offer that mechanism?

If someone could shed some light on this I would be more than grateful ;)

Thanks & greetings
Becki






















					Reply via email to