Re: [Dovecot] (no subject)

2013-07-08 Thread Dotan Cohen 
On Sun, Jul 7, 2013 at 4:10 PM, Axel Luttgens axelluttg...@swing.be wrote:
 Hello Dotan,

 Note that md5sum calculates a hash similar to the one used by dovecot's 
 MD5-PLAIN scheme:

 $ doveadm pw -s PLAIN-MD5 -p 12345
 {PLAIN-MD5}827ccb0eea8a706c4c34a16891f84e7b


 Shouldn't that password match the md5sum check?

 As a result: no... ;-)


I see! I've tried a few formats to verify the MD5 hash, but none
produced the expected results. In any case, I've gotten that part of
Dovecot working now that I've discovered that most of the information
online is for Dovecot 1. However the Dovecot 2 wiki is terrific and it
pulled me through.

 [...]
 $ telnet mail.someDomain.com 143
 Trying x.x.x.x...
 Connected to mail.someDomain.com.
 Escape character is '^]'.
 * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
 IDLE AUTH=PLAIN] Dovecot ready.
 a login user 12345
 [...]

 I doubt this is a valid attempt:

 - unless I'm wrong, the command should be authenticate (not login)

No, it does seem that 'login' is the right command. I've got it working now.

 - the server doesn't seem to be configured for making use of digest-md5

 You may find an example of such an authentication near the end of 
 http://tools.ietf.org/html/rfc2831.
 You might also have a look at 
 http://wiki2.dovecot.org/Authentication/Mechanisms/DigestMD5.


Thank you, that was indeed part of the issue!

--
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

[Dovecot] (no subject)

2013-07-07 Thread Dotan Cohen 
On an Ubuntu Server 12.04 system with Dovecot 2.0.19 I am having some
trouble with the Dovecot passwords. I am finding this in the logs when
I unsuccessfully try to log in:

Jul 07 08:13:25 auth-worker: Debug:
pam(u...@somedomain.com,212.
179.241.14): lookup service=dovecot
Jul 07 08:13:25 auth-worker: Debug:
pam(u...@somedomain.com,212.179.241.14): #1/1 style=1 msg=Password:
Jul 07 08:13:27 auth-worker: Info:
pam(u...@somedomain.com,212.179.241.14): pam_authenticate() failed:
Authentication failure (password mismatch?) (given password: 12345)
Jul 07 08:13:29 auth: Debug: client out: FAIL   2   user=u...@somedomain.com
Jul 07 08:13:29 pop3-login: Info: Disconnected (auth failed, 2
attempts): user=u...@somedomain.com, method=PLAIN,
rip=212.179.241.14, lip=10.138.11.251

This is not the real password, but an example to show that I think
that there is an issue:
$ /usr/bin/doveadm pw -u u...@somedomain.com -s DIGEST-MD5
Enter new password: # Here I have typed 12345
Retype new password: # Here I have typed 12345
{DIGEST-MD5}f4e442b0dec5009eaa8b9b4104923edc
$ printf 12345 | md5sum
827ccb0eea8a706c4c34a16891f84e7b  -
$

Shouldn't that password match the md5sum check? Also, might I have the
file formats wrong?
$ cat passwd
u...@somedomain.com::5000:5000::/var/mail/vhosts/someDomain.com/user
$ cat shadow
u...@somedomain.com:{DIGEST-MD5}f4e442b0dec5009eaa8b9b4104923edc
$

Note that testing in Telnet fails the password as well, both when
specifying the user without a domain and with a domain:

$ telnet mail.someDomain.com 143
Trying x.x.x.x...
Connected to mail.someDomain.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE AUTH=PLAIN] Dovecot ready.
a login user 12345
a NO [AUTHENTICATIONFAILED] Authentication failed.
e logout
* BYE Logging out
e OK Logout completed.
Connection closed by foreign host.
$ telnet mail.someDomain.com 143
Trying x.x.x.x...
Connected to mail.someDomain.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE AUTH=PLAIN] Dovecot ready.
a login u...@somedomain.com 12345
a NO [AUTHENTICATIONFAILED] Authentication failed.
* BAD Error in IMAP command received by server.
e logout
* BYE Logging out
e OK Logout completed.
Connection closed by foreign host.

Thanks!

--
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com