Quoting SATOH Fumiyasu <fumi...@osstech.jp>:
I want to use CRAM-MD5 or DIGEST-MD5 (non-plaintext) authentication
for master users, but Dovecot 2.2.13 rejects it with the following log:
auth_mechanisms = plain login cram-md5 digest-md5
disable_plaintext_auth = yes
auth_master_user_separator = %
passdb {
driver = passwd-file
args = /etc/dovecot/passwd.masterusers
master = yes
pass = yes
}
# don't work too
#passdb {
# driver = checkpassword
# args = /opt/osstech/etc/dovecot/checkpassword.masterusers
# master = yes
# pass = yes
#}
passdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
}
Is this a bug or a restriction of Dovecot?
This is a restriction of CRAM-MD5 and DIGEST-MD5
They require plaintext passwords, you can't use password hashes on the
server if you wish to use them. Or you have to use the special
cram/digest-md5 password hash format.
There is nothing really to be gained from using these formats, it's
just better to require TLS.
