"SfR Fresh" - the SfR Freeware/Shareware Archive

Member "dovecot-1.0.15/doc/wiki/Authentication.Mechanisms.DigestMD5.txt" of archive dovecot-1.0.15.tar.gz:


Digest-MD5 Authentication Mechanism
===================================


Digest-MD5 has two things that make it special and which can cause problems:

 * Instead of using user@domain usernames, it supports *realms*.
 * User name and realm are part of the MD5 hash that's used for authentication.


Realms
======


Dovecot v1.0 has problems handling user@domain style usernames with Digest-MD5 when passwords are stored in plaintext in the password database. Use realms instead, and list them in the config file:

---%<-------------------------------------------------------------------------
auth_realms = example.com another.example.com
---%<-------------------------------------------------------------------------

All listed realms are presented to the client, which can select one of them. However, some clients always use the first realm, so list your primary realm first.


DIGEST-MD5 scheme
=================


An alternative to using realms is to store the passwords using the DIGEST-MD5 scheme. The stored value is the MD5 sum of the string "user:realm:password". For example, to log in as 'user@example.com' (with an empty realm, hence the two colons), create the password with:

---%<-------------------------------------------------------------------------
% echo -n "user@example.com::pass"|md5sum
e5c14634647ab53ff84f189addd7c518  -
---%<-------------------------------------------------------------------------

Note that if you're using the DIGEST-MD5 scheme to store the passwords, you can't change the users' names in any way, or authentication will fail because the MD5 sums no longer match.


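The following Python sketch is an added example, not part of the Dovecot documentation or code. It goes beyond the md5sum one-liner above by showing how the stored hash feeds the RFC 2831 response computation (qop=auth, no authzid), which is why a renamed user or a switch between the realm and user@domain forms is rejected. The nonce, cnonce, digest-uri and the in-memory passdb dictionary are constructed sample values.

```python
import hashlib
import hmac


def stored_digest(user, realm, password):
    """DIGEST-MD5 scheme value: hex MD5 of "user:realm:password"."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()


def response(ha1_hex, nonce, cnonce, digest_uri, nc="00000001", qop="auth"):
    """RFC 2831 response (qop=auth, no authzid) derived from the stored hash."""
    a1 = bytes.fromhex(ha1_hex) + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    ha1_sess = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(a2).hexdigest()
    kd = f"{ha1_sess}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return hashlib.md5(kd.encode()).hexdigest()


def server_accepts(passdb, user, realm, client_resp, nonce, cnonce, uri):
    """Look up the stored hash by (user, realm) and recompute the response."""
    ha1 = passdb.get((user, realm))
    if ha1 is None:
        return False
    return hmac.compare_digest(response(ha1, nonce, cnonce, uri), client_resp)


def demo():
    # Constructed sample values, not taken from a real session.
    nonce, cnonce, uri = "sample-nonce", "sample-cnonce", "imap/example.com"
    old_hash = stored_digest("user", "example.com", "pass")

    def login(passdb, user, realm):
        # The client derives its response from the name, realm and password.
        resp = response(stored_digest(user, realm, "pass"), nonce, cnonce, uri)
        return server_accepts(passdb, user, realm, resp, nonce, cnonce, uri)

    passdb = {("user", "example.com"): old_hash}
    renamed = {("newname", "example.com"): old_hash}  # name changed, hash kept
    return {
        "realm form": login(passdb, "user", "example.com"),
        "user@domain, empty realm": login(passdb, "user@example.com", ""),
        "renamed user, old hash": login(renamed, "newname", "example.com"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```
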
Testing
=======


You can use 'imtest' from Cyrus SASL library:

---%<-------------------------------------------------------------------------
# With realm:
imtest -a user -r example.com
# Without realm:
imtest -a user@example.com
---%<-------------------------------------------------------------------------

(This file was created from the wiki on 2007-12-11 04:42)