If you want both CRAM-MD5 and DIGEST-MD5 auth, the password must be in
plaintext format.
http://wiki2.dovecot.org/Authentication/Mechanisms#Non-plaintext_authentication
(In theory it would be possible to have both CRAM-MD5 and DIGEST-MD5 hashes
stored in the passdb and have Dovecot use the one that's needed, but currently
this isn't supported.)
On 19.2.2013, at 13.38, Darren Pilgrim <list_dove...@bluerosetech.com> wrote:
> I have three postfix 2.9.5 servers: chombo, rush, yoshi. Chombo relays to
> rush and yoshi for outbound email. Outbound relay requires SASL
> authentication. Rush and yoshi run Dovecot 2.1.12 servers with simple
> passwd-file backends.
>
> If I create a new password hash for chombo's user, houseloki, on either rush
> or yoshi:
>
> # doveadm pw -u houseloki -p <password>
> {CRAM-MD5}...
>
> Then I add that to rush and yoshi's passwd file:
>
> houseloki@_auth.bluerosetech.com:{CRAM-MD5}...
>
> Then `doveadm reload`, it works fine:
>
> # doveadm auth houseloki <password>
> passdb: houseloki auth succeeded
> extra fields:
> user=houseloki@_auth.bluerosetech.com
>
> So I add that username and password to the smtp_sasl_password_maps hash file
> on chombo, reload postfix, and then try to relay something from chombo, it
> fails with rush and yoshi logging warnings like:
>
> Feb 19 03:32:33 yoshi postfix/smtpd[75783]: warning:
> chombo.example.com[2001:db8::2]: SASL DIGEST-MD5 authentication failed:
> <really long string redacted>
>
> Rush and yoshi have other hashes in their passwd files, and if I configure
> chombo to use one of those, it works fine. Those hashes use digest-md5 and
> are at least a few years old. I tried that scheme instead of the default
> cram-md5, as well as several others, but none work. I've poured over the
> wiki and man pages, but can't find the problem.
>
> What am I missing? Why can I not generate new hashes correctly?
>
