[prev in list] [next in list] [prev in thread] [next in thread]
List: dovecot
Subject: Re: [Dovecot] (no subject)
From: Axel Luttgens <AxelLuttgens () swing ! be>
Date: 2013-07-07 13:10:55
Message-ID: 7105B8B0-905D-4CF4-A1CF-2FF72674F731 () swing ! be
[Download RAW message or body]
Le 7 juil. 2013 à 11:47, Dotan Cohen a écrit :
> [...]
> $ /usr/bin/doveadm pw -u user@someDomain.com -s DIGEST-MD5
> Enter new password: # Here I have typed "12345"
> Retype new password: # Here I have typed "12345"
> {DIGEST-MD5}f4e442b0dec5009eaa8b9b4104923edc
> $ printf "12345" | md5sum
> 827ccb0eea8a706c4c34a16891f84e7b -
> $
Hello Dotan,
Note that md5sum calculates a hash similar to the one used by dovecot's MD5-PLAIN scheme:
$ doveadm pw -s PLAIN-MD5 -p 12345
{PLAIN-MD5}827ccb0eea8a706c4c34a16891f84e7b
> Shouldn't that password match the md5sum check?
As a result: no... ;-)
> [...]
> $ telnet mail.someDomain.com 143
> Trying x.x.x.x...
> Connected to mail.someDomain.com.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> IDLE AUTH=PLAIN] Dovecot ready.
> a login user 12345
> [...]
I doubt this is a valid attempt:
- unless I'm wrong, the command should be authenticate (not login)
- the server doesn't seem to be configured for making use of digest-md5
You may find an example of such an authentication near the end of http://tools.ietf.org/html/rfc2831.
You might also have a look at http://wiki2.dovecot.org/Authentication/Mechanisms/DigestMD5.
HTH,
Axel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic