Re: cram-md5, sasl and lua (inheriting technical debt)

2023-07-18 Thread Aki Tuomi via dovecot


> On 18/07/2023 13:59 EEST tk...@tunenet.dk wrote:
> 
>  
> Hello,
> 
> I am exploring the possibility of migrating an existing setup to 
> postfix+dovecot.
> The issue being that many clients are currently configured for cram-md5 
> authentication.
> I am fully aware that this is a really, really, really bad idea, but 
> reconfiguring all clients at once is not feasible with limited end user support 
> resources.
> I have a setup running with LUA for the passdb, and everything works with 
> PLAIN login.
> 
> To keep compatibility with the PLAIN login mechanism I have tried to store 
> {PLAIN} passwords in the DB, since proper secure password storage 
> is incompatible with CRAM-MD5.
> 
> My issue is that the LUA function auth_password_verify(req, pass) does not even 
> seem to be called for cram-md5 logins.
> Reading through the documentation also seems to indicate that the challenge is 
> not passed to the LUA function, making it impossible to compute the hash 
> in LUA or with the function req.password_verify(req, row.password, pass).
> 
> Is my assumption correct that cram-md5 cannot work with a LUA script?
> 
> Kind regards,
> Peter K.


Hi!

CRAM-MD5 only works if you return a credential, so you need to use 
auth_passdb_lookup to return it with {PLAIN} prefix. It's not possible to use 
Lua script to calculate it yourself.

There is also CRAM-MD5 password scheme, but calculating that is slightly 
difficult, so I'd just return the PLAIN password from auth_passdb_lookup 
instead.

Aki
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org


cram-md5, sasl and lua (inheriting technical debt)

2023-07-18 Thread tknb8
Hello,

I am exploring the possibility of migrating an existing setup to 
postfix+dovecot.
The issue being that many clients are currently configured for cram-md5 
authentication.
I am fully aware that this is a really, really, really bad idea, but 
reconfiguring all clients at once is not feasible with limited end user support 
resources.
I have a setup running with LUA for the passdb, and everything works with PLAIN 
login.

To keep compatibility with the PLAIN login mechanism I have tried to store 
{PLAIN} passwords in the DB, since proper secure password storage 
is incompatible with CRAM-MD5.

My issue is that the LUA function auth_password_verify(req, pass) does not even 
seem to be called for cram-md5 logins.
Reading through the documentation also seems to indicate that the challenge is 
not passed to the LUA function, making it impossible to compute the hash 
in LUA or with the function req.password_verify(req, row.password, pass).

Is my assumption correct that cram-md5 cannot work with a LUA script?

Kind regards,
Peter K.
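The mechanism both messages are about, as an added example that is not part of either message and is not Dovecot code: a minimal CRAM-MD5 (RFC 2195) server-side verifier. It shows why the passdb has to hand back the plaintext password (Aki's point about returning a {PLAIN} credential from auth_passdb_lookup) and why a one-way hash, which is the right thing to store for PLAIN/LOGIN, can never satisfy a CRAM-MD5 login (Peter's point that secure storage is incompatible with CRAM-MD5). The PASSDB dict, the host name and the SHA-256 row are constructed stand-ins for whatever a real passdb lookup would return; the known-answer vector is the one printed in RFC 2195 section 2.

```python
"""CRAM-MD5 (RFC 2195) from the server's point of view.

Constructed example. PASSDB stands in for a passdb lookup result using
Dovecot-style "{SCHEME}value" strings; it is not Dovecot's API.
"""
import base64
import hashlib
import hmac
import secrets
import time

# Constructed credential store. Only the {PLAIN} row can ever satisfy a
# CRAM-MD5 login; the hashed row is a stand-in for any one-way scheme.
PASSDB = {
    "tim": "{PLAIN}tanstaaftanstaaf",
    "alice": "{SHA256}" + hashlib.sha256(b"correct horse").hexdigest(),
}


def split_scheme(stored: str) -> tuple:
    """Split "{SCHEME}value" into (SCHEME, value); no prefix means PLAIN."""
    if stored.startswith("{") and "}" in stored:
        end = stored.index("}")
        return stored[1:end].upper(), stored[end + 1:]
    return "PLAIN", stored


def make_challenge(host: str = "mail.example.invalid") -> str:
    """Server side: a fresh, unpredictable '<unique@host>' challenge.
    The challenge is not secret; it must only be unique per attempt so a
    captured response cannot be replayed against a later challenge."""
    return f"<{secrets.token_hex(8)}.{int(time.time())}@{host}>"


def cram_md5_digest(password: str, challenge: str) -> str:
    """HMAC-MD5 keyed with the password over the challenge, lowercase hex.
    The key is the password itself: this is the step that forces the
    server to hold a plaintext-equivalent credential."""
    return hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()


def client_response(username: str, password: str, challenge: str) -> str:
    """Client side: 'user <hexdigest>', base64-encoded before it hits the wire."""
    return f"{username} {cram_md5_digest(password, challenge)}"


def server_verify(response: str, challenge: str, passdb: dict = PASSDB) -> bool:
    """Server side. True only when the stored credential is plaintext and
    the recomputed digest matches. A hashed credential is refused: the
    server cannot recover the HMAC key from it, so it cannot verify."""
    try:
        username, digest = response.split(" ", 1)
    except ValueError:
        return False
    stored = passdb.get(username)
    if stored is None:
        return False
    scheme, value = split_scheme(stored)
    if scheme != "PLAIN":
        return False  # the incompatibility the thread is about
    expected = cram_md5_digest(value, challenge)
    return hmac.compare_digest(expected, digest.lower())


def wire_exchange(username: str, password: str, passdb: dict = PASSDB) -> bool:
    """One full exchange with the base64 framing used on the wire."""
    challenge = make_challenge()
    server_line = base64.b64encode(challenge.encode()).decode()  # S: + <b64>
    seen_challenge = base64.b64decode(server_line).decode()
    client_line = base64.b64encode(
        client_response(username, password, seen_challenge).encode()).decode()
    return server_verify(base64.b64decode(client_line).decode(), challenge, passdb)


if __name__ == "__main__":
    # Known answer from RFC 2195 section 2: user "tim", secret "tanstaaftanstaaf".
    rfc_challenge = "<1896.697170952@postoffice.reston.mci.net>"
    print(client_response("tim", "tanstaaftanstaaf", rfc_challenge))
    print(wire_exchange("tim", "tanstaaftanstaaf"))  # True
    print(wire_exchange("tim", "not-the-secret"))    # False
    print(wire_exchange("alice", "correct horse"))   # False: hashed store
```

The third print is the practical consequence for Peter's migration: alice's password is correct, but because it is stored hashed the server has nothing to key the HMAC with and the login fails. Whatever row the passdb returns for a CRAM-MD5 user therefore has to be the plaintext (or Dovecot's own {CRAM-MD5} scheme, which stores the HMAC intermediate state and is plaintext-equivalent in the same way), and that store should be protected accordingly.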