Saturday 05 of May 2007 16:13:47 Łukasz Mierzwa napisał(a):
> Hi,
>
> I'm using dovecot-1.0.0 on gentoo box and I have problem with
> authentication using digest-md5 and passwords stored as plain text in ldap
> database, when I use cram-md5 it works, while digest-md5 give this error
> (squirrelmail login):
>
> May 5 16:03:32 srv dovecot: auth(default): client in: AUTH 1
> DIGEST-MD5 service=IMAP secured lip=127.0.0.1 rip=127.0.0.1
> May 5 16:03:32 srv dovecot: auth(default): client out: CONT 1
> [password hash]
> May 5 16:03:32 srv dovecot: auth(default): client in: CONT<hidden>
> May 5 16:03:32 srv dovecot: auth(default):
> ldap([EMAIL PROTECTED],127.0.0.1): pass search:
> base=ou=domain.com,cn=Users,dc=domain,dc=com scope=subtree
> filter=(&(objectClass=posixAccount)(uid=user)) fields=userPassword May 5
> 16:03:32 srv dovecot: auth(default): ldap([EMAIL PROTECTED],127.0.0.1):
> result: userPassword(password)=<hidden>
> May 5 16:03:32 srv dovecot: auth(default): digest-md5
> ([EMAIL PROTECTED],127.0.0.1): password mismatch
> May 5 16:03:32 srv dovecot: auth(default): client out: FAIL 1
> [EMAIL PROTECTED]
> May 5 16:03:32 srv dovecot: imap-login: Aborted login:
> user=<[EMAIL PROTECTED]>, method=DIGEST-MD5, rip=127.0.0.1, lip=127.0.0.1,
> secured
>
> It seems that client and dovecot hashes calculated for DIGEST-MD5 are
> different, I tested squirrelmail 1.4.9a, kmail 3.5.6 both can't login using
> digest-md5 so maybe dovecot does not working correctly? Passwords where
> created using phpldapadmin and "clear" password type, cram-md5 logins are
> ok. I can't find any info on ldap and digest-md5 incompatibility in dovecot
> wiki, can anyone give my a hint?
>
> my dovecot-ldap.conf:
> uris = ldaps://127.0.0.1
> dn = uid=dovecot,cn=Daemons,dc=domain,dc=com
> dnpass = secret
> sasl_bind = no
> tls = no
> auth_bind = no
> ldap_version = 3
> base = ou=%d,cn=Users,dc=domain,dc=com
> deref = never
> scope = subtree
> pass_attrs = userPassword=password
> pass_filter = (&(objectClass=posixAccount)(uid=%n))
> default_pass_scheme = PLAIN
>
> my dovecot.conf:
> protocols = imap imaps managesieve
> shutdown_clients = yes
> syslog_facility = mail
> ssl_cert_file = /etc/ssl/cert
> ssl_key_file = /etc/ssl/key
> verbose_ssl = no
> login_process_per_connection = yes
> login_processes_count = 2
> login_max_processes_count = 10
> login_user = dovecot
> login_dir = /var/run/dovecot/login
> login_chroot = yes
> mail_location = maildir:/var/mail/%d/%n
> mail_extra_groups = postfix
> mail_full_filesystem_access = no
> mail_debug = no
> verbose_proctitle = yes
> first_valid_uid = 2000
> last_valid_uid = 2000
> first_valid_gid = 2000
> last_valid_uid = 2000
> maildir_copy_with_hardlinks = yes
> disable_plaintext_auth = yes
>
> protocol imap {
> imap_client_workarounds = outlook-idle
> }
>
> protocol lda {
> postmaster_address = [EMAIL PROTECTED]
> hostname = domain.com
> mail_plugins = cmusieve
> }
>
> auth_default_realm = pcserwis.net
> auth_username_format = %Lu
> auth_verbose = yes
> auth_debug = yes
> auth_debug_passwords = no
>
> auth default {
> mechanisms = plain login cram-md5 digest-md5
>
> passdb ldap {
> args = /etc/dovecot/dovecot-ldap.conf
> }
>
> userdb static {
> args = uid=2000 gid=2000 home=/var/mail/%d/%n
> }
>
> socket listen {
> client {
> path = /var/spool/postfix/private/auth
> mode = 0660
> user = vmail
> group = postfix
> }
> master {
> path = /var/run/dovecot/auth-master
> mode = 0600
> user = vmail
> }
> }
> }
>
> protocol managesieve {
> listen = *:2000
> login_executable = /usr/libexec/dovecot/managesieve-login
> mail_executable = /usr/libexec/dovecot/managesieve
> }
Nobody tried DIGEST-MD5 ?
--
Łukasz Mierzwa
