Hello,

I hope that this mailing list is "alive", since I have been looking for a solution to my problem for a long time.

I would like to migrate my existing dovecot installation from mysql to pgsql. But I have problems with the passwords when using pgsql.

The existing and working mysql-based installation looks like this:

        dovecot-sql.conf.ext:

        driver = mysql
        default_pass_scheme = SHA512-CRYPT

Users are created like this:

        INSERT INTO mls_user (idx,domain,password,email)
        VALUES (1,99,ENCRYPT('Test'),'m...@alpenjodel.de');

This setup is working, which I can verify like this:

        $ telnet localhost 143
        * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID
        ENABLE IDLE AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5
        AUTH=CRAM-MD5] Dovecot ready.

        a login m...@alpenjodel.de Test
        OK

Now let's take a look at the pgsql version of the setup:

        dovecot-sql.conf.ext:

        driver = pgsql
        default_pass_scheme = SHA512-CRYPT

Users are created like this:

        INSERT INTO mls_user (idx,domain,password,email)
        VALUES (1,99,crypt('Test',gen_salt('des')),'m...@alpenjodel.de');

This setup is not working:

        $ telnet localhost 143
        * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID
        ENABLE IDLE AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5
        AUTH=CRAM-MD5] Dovecot ready.

        a login m...@alpenjodel.de Test
        a NO [AUTHENTICATIONFAILED] Authentication failed.

Assumptions:

- I believe that the mysql encrypt function uses the crypt system call,
  which in turn uses the DES algorithm with a random salt.

- I believe that the same is done with the pgsql function call
  crypt('Test',gen_salt('des')).

But obviously some of these assumptions must be wrong.

Besides that, the variable "default_pass_scheme" is set to "SHA512-CRYPT" in both cases. But obviously, not SHA but DES is used by the working mysql-based setup. I don't understand that. Could someone please explain the relationship between the default_pass_scheme variable and the encryption/hashing algorithm used to store the user passwords?

And finally: What can I do to migrate to pgsql?

Thank you
Magnus
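
Added example (not part of the original message, and not Dovecot's own code): a small Python helper that reports which crypt(3) format a stored password value has, so the strings written by ENCRYPT() and by crypt('Test',gen_salt('des')) can be compared with each other and with default_pass_scheme. The name inspect_hash and the sample values are constructed for illustration; the samples have the right shape but are not real hashes.

```python
import re

B64 = r"[./0-9A-Za-z]"  # alphabet used by crypt(3) salts and hashes
# crypt(3) string shapes, labelled with the matching Dovecot scheme name.
FORMATS = [
    ("SHA512-CRYPT", rf"\$6\$(rounds=\d+\$)?{B64}{{0,16}}\${B64}{{86}}"),
    ("SHA256-CRYPT", rf"\$5\$(rounds=\d+\$)?{B64}{{0,16}}\${B64}{{43}}"),
    ("MD5-CRYPT", rf"\$1\${B64}{{0,8}}\${B64}{{22}}"),
    ("BLF-CRYPT", rf"\$2[abxy]?\$\d\d\${B64}{{53}}"),
    ("DES-CRYPT", rf"{B64}{{13}}"),      # 2-char salt + 11-char hash
    ("extended DES", rf"_{B64}{{19}}"),  # shape produced by pgcrypto gen_salt('xdes')
]
# Optional explicit "{SCHEME}" prefix in front of the stored hash.
SCHEME_PREFIX = re.compile(r"\{([A-Za-z0-9.-]+)\}(.*)", re.S)


def inspect_hash(stored, default_scheme="SHA512-CRYPT"):
    """Return (declared_scheme, detected_format, notes) for one stored value."""
    notes = []
    value = stored.rstrip()
    if value != stored:
        notes.append("stored value has trailing whitespace")
    m = SCHEME_PREFIX.fullmatch(value)
    # Without a prefix, the declared scheme is default_pass_scheme.
    declared, body = (m.group(1).upper(), m.group(2)) if m else (default_scheme, value)
    detected = next((n for n, rx in FORMATS if re.fullmatch(rx, body)), None)
    if detected is None:
        notes.append("not a recognised crypt(3) string")
    elif declared not in ("CRYPT", detected):  # CRYPT is the generic libc scheme
        notes.append(f"declared {declared}, hash format is {detected}")
    return declared, detected, notes


if __name__ == "__main__":
    # Constructed sample values (correct shape only, not hashes of any password).
    samples = [
        "ab" + "c" * 11,                    # traditional DES shape
        "$6$saltsalt$" + "A" * 86,          # SHA512-CRYPT shape
        "{DES-CRYPT}ab" + "c" * 11 + "  ",  # prefixed value with padding
        "Test",                             # plaintext, not a crypt string
    ]
    for s in samples:
        print(repr(s), "->", inspect_hash(s))
```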
