Where can I change this db password? Maybe this is good point. ;) but I
don't get it how change passdb auth from db to file could impact on rows in
db. I would like to get this work on default settings. I have copy of
dovecot.conf file but with default settings I can't send emails. Let's
forget about cram-md5. I don't need this anymore. In dovecot-sql.conf I
have:
driver = mysql
connect = host=localhost dbname=dbispconfig user=ispconfig
password=06549e2a867ee50a107098f424073acd port=3306
default_pass_scheme = CRYPT
and would be lovely to leave it as it is, because I only changed (and I
don't need this cram-md5 as auth type) in dovecot.conf:
auth_mechanisms = plain login cram-md5 #added cram-md5
passdb {
#args = /etc/dovecot/dovecot-sql.conf
#driver = sql
#added below two lines and commented out above two default lines using
tutorial https://wiki2.dovecot.org/HowTo/CRAM-MD5
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}
after removed cram-md5 from auth_mechanisms and set default lines in passdb
block from unknown reason I can't send emails. This is insane.
2017-02-23 16:08 GMT+01:00 wilfried.es...@essignetz.de <
wilfried.es...@essignetz.de>:
> ---
> Maybe you should change your DB-Password: You sent it to the list inside
> the atteched file:
> password=06549...3acd port=3306
> ---
>
>
> Your problem with cram-md5 is, that you have
>
> "default_pass_scheme = CRYPT"
>
> in /etc/dovecot/dovecot-sql.conf.
>
>
> As mentioned in this text from my last mail, you need to change the
> schema your passwords are stored in:
> >>> On http://wiki.dovecot.org/Authentication/PasswordSchemes you'll find
> >>> under "Non-plaintext authentication mechanisms":
> >>> "The problem with non-plaintext auth mechanisms is that the password
> >>> must be stored either in plaintext, or using a mechanism-specific
> scheme
> >>> that's incompatible with all other non-plaintext mechanisms. In
> >>> addition, the mechanism-specific schemes often offer very little
> >>> protection. This isn't a limitation of Dovecot, it's a requirement for
> >>> the algorithms to even work.
> >>>
> >>> For example if you're going to use CRAM-MD5 authentication, the
> password
> >>> needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to
> >>> allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in
> >>> plaintext. "
>
> You'll have to set an other default scheme in your
> /etc/dovecot/dovecot-sql.conf and recreate your passwords in the db.
> Read more in above mentioned URL.
>
> Or you can prefix every password with its scheme, but i don't remember
> details.
>
>
> Willi
>
>
>
> Am 23.02.2017 um 15:35 schrieb Poliman - Serwis:
> > "Now i understand, that you want to add cram-md5 to the mechs, but to
> > authenticate still against the sql-db?" Hehe no. I have cram-md5 and
> when I
> > try sql-db I can't send emails.
> > I use ubuntu server 14.04.5 lts with 16.04 kernel. I found out that
> Postfix
> > logs go to mail.log and mail.err files.
> > "dovecot logs for the mentioned two cases?" - which two cases? :)
> > dovecot-sql.conf output in attachement.
> > "maybe a link to the mentioned dovecot threat" - do You mean tutorial
> based
> > on I setup cram-md5 in dovecot?
> >
> > 2017-02-23 15:26 GMT+01:00 wilfried.es...@essignetz.de <
> > wilfried.es...@essignetz.de>:
> >
> >> Now i understand, that you want to add cram-md5 to the mechs, but to
> >> authenticate still against the sql-db?
> >>
> >>
> >> On http://wiki.dovecot.org/Authentication/PasswordSchemes you'll find
> >> under "Non-plaintext authentication mechanisms":
> >> "The problem with non-plaintext auth mechanisms is that the password
> >> must be stored either in plaintext, or using a mechanism-specific scheme
> >> that's incompatible with all other non-plaintext mechanisms. In
> >> addition, the mechanism-specific schemes often offer very little
> >> protection. This isn't a limitation of Dovecot, it's a requirement for
> >> the algorithms to even work.
> >>
> >> For example if you're going to use CRAM-MD5 authentication, the password
> >> needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to
> >> allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in
> >> plaintext. "
> >>
> >> Does that possibly point out your problem?
> >>
> >>
> >> Otherwise please provide
> >> - dovecot logs for the mentioned two cases?
> >> - contnet of /etc/dovecot/dovecot-sql.conf?
> >> - maybe a link to the mentioned dovecot threat.
> >>
> >> Did you find your postfix logs? Which system do you use?
> >>
> >>
> >> Willi
> >>
> >>
>
>
--
*Pozdrawiam / Best Regards*
*Piotr Bracha*
*tel. 534 555 877*
*ser...@poliman.pl <ser...@poliman.pl>*
