Re: [Dovecot] Strange error: DIGEST-MD5 mechanism can't be supported with given passdbs

[Nick Rosier]

Yubao Liu wrote:
> Hi all,
> 
> I have no idea about that message, here is my configuration, what's wrong?

You have 2 passdb entries; 1 with a file and 1 with pam. I'm pretty sure
PAM doesn't support DIGEST-MD5 authentication. Could be the cause of the
problem.

> Debian testing, Dovecot 2.0.15
> 
> $ doveconf -n
> # 2.0.15: /etc/dovecot/dovecot.conf
> # OS: Linux 3.1.0-1-686-pae i686 Debian wheezy/sid
> auth_default_realm = corp.example.com
> auth_krb5_keytab = /etc/dovecot.keytab
> auth_master_user_separator = *
> auth_mechanisms = gssapi digest-md5
> auth_realms = corp.example.com
> auth_username_format = %n
> first_valid_gid = 1000
> first_valid_uid = 1000
> mail_location = mdbox:/srv/mail/%u/Mail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date ihave
> passdb {
>   args = /etc/dovecot/master-users
>   driver = passwd-file
>   master = yes
>   pass = yes
> }
> passdb {
>   driver = pam
> }
> plugin {
>   sieve = /srv/mail/%u/.dovecot.sieve
>   sieve_dir = /srv/mail/%u/sieve
> }
> protocols = " imap lmtp sieve"
> service auth {
>   unix_listener auth-client {
>     group = Debian-exim
>     mode = 0660
>   }
> }
> ssl_cert = </etc/ssl/certs/dovecot.pem
> ssl_key = </etc/ssl/private/dovecot.pem
> userdb {
>   args = home=/srv/mail/%u
>   driver = passwd
> }
> protocol lmtp {
>   mail_plugins = " sieve"
> }
> protocol lda {
>   mail_plugins = " sieve"
> }
> 
> # cat /etc/dovecot/master-users
> x...@corp.example.com:zzzzzzzz
> 
> The zzzzz is obtained by "doveadm pw -s digest-md5 -u
> x...@corp.example.com",
> I tried to add prefix "{DIGEST-MD5}" before the generated hash and/or add
> "scheme=DIGEST-MD5" to the passwd-file passdb's "args" option, both
> don't help.
> 
> The error message:
> dovecot: master: Dovecot v2.0.15 starting up (core dumps disabled)
> dovecot: auth: Fatal: DIGEST-MD5 mechanism can't be supported with given
> passdbs
> gold dovecot: master: Error: service(auth): command startup failed,
> throttling
> 
> I opened debug auth log,  it showed dovecot read /etc/dovecot/master-users
> and parsed one line, then the error occurred.  Doesn't passwd-file
> passdb support
> digest-md5 password scheme?  If it doesn't support, how do I configure
> digest-md5 auth
> mechanism with digest-md5 password scheme for virtual users?
> 
> Regards,
> Yubao Liu
> 

Rgds,
N.