Hello,
I have a question regarding the password field of the passwd-file [1].
According to the wiki, the password field assumes a {SCHEME} of CRYPT when the
{SCHEME} is not prefixed
to this field.
So, a passwd-file like:
user:password: . . .
… is equivalent to:
user:{CRYPT}password: . . .
Does that mean an example passwd-file with NEITHER {SCHEME} or password, like:
u...@example.com:: . . . (note no scheme or password specified between
colons)
…means that the u...@example.com user does not have any valid crypted password
and therefore the
u...@example.com user cannot be authenticated ?
For example, if I use doveadm to create a null CRYPT password:
$ sudo doveadm pw -s CRYPT -p “” -u u...@example.com
… gives the result:
{CRYPT}txR1JRq9140Qk
… which differs from the example password field having NEITHER {SCHEME} or
password, like:
u...@example.com:: . . .
… so if I attempt to logon using a null password for u...@example.com when
nothing is specified in the
password field for the passwd-file:
/etc/dovecot/passwd
u...@example.com:: . . .
$ sudo doveadm auth test u...@example.com
password:
passdb: u...@example.com auth failed
… it is impossible to logon as u...@example.com with ANY PASSWORD and/or a NULL
password ?
Thanks,
- J
Sources:
[1] https://wiki2.dovecot.org/AuthDatabase/PasswdFile
