On 20 December 2018 at 14:33 Odhiambo Washington < odhia...@gmail.com> wrote:
On Thu, 20 Dec 2018 at 15:23, Aki Tuomi < aki.tu...@open-xchange.com> wrote:
>On 20 December 2018 at 14:10 Odhiambo Washington < odhia...@gmail.com>wrote:>You've made this more difficult to understand, even :-)So the answer is:Set the following in 10-auth.conf1. disable_plaintext_auth = no2. auth_mechanisms = plainAnd yes, the encrypted passwords are stored in MySQL.>You cannot use hashed passwords with digest-md5 mechanism.Aki
So, for the record, whenever passwords are hashed, digest-md5 should bedisabled/removed from auth_mechanisms.
My question though - for purposes of understanding - how does dovecot takethe sent password from a client and match it against the hashed one storedin the DB (in my case)? What happens in between the process?
--Best regards,Odhiambo WASHINGTON,Nairobi,KE+254 7 3200 0004/+254 7 2274 3223"Oh, the cruft.", grep ^[^#] :-)
Dovecot hashes the client sent password using the same salt and compares the result.
---
Aki Tuomi
Aki Tuomi
