[Dovecot] ldap SMD5 vs. CRYPT

Joshua Goodall joshua at roughtrade.net
Wed Oct 6 01:56:47 EEST 2004


On Tue, Oct 05, 2004 at 03:14:58PM +0200, Adam Pordzik wrote:
> Hello,
> 
> am I right, that dovecot can't cope with ldap so authentification
> is handled by ldap itself? And, for that I have to use {CRYPT} and
> cannot use other mechanisms as {SMD5}

Dovecot doesn't support handing off authentication to LDAP, unless
you use PAM (which eliminates the possibility of CRAM-MD5 or DIGEST-MD5
authentication).

Dovecot supports the RFC2307 userPassword LDAP attribute and through
that the following schemes:

{CRYPT}
{MD5} (note: Dovecot's {MD5} differs from LDAP's {MD5})
{PLAIN}
{DIGEST-MD5}
{SHA1}
{PLAIN-MD5}

You can fix the MD5 issue and gain support for {SMD5} with my patch
at http://www.roughtrade.net/dovecot/dovecot-ldap-md5-quirk-0.99.10.6.diff
although I haven't tested this recently. Let me know if it works for you.

NB The 1.0-test series also adds support for more password hashes:

{SHA} / {SHA1} / {SMD5} / {SSHA} / {CLEARTEXT} / {HMAC-MD5} / {LDAP-MD5}
{LANMAN} / {NTLM} / {RPA}

AFAIK, all the above are either directly compatible with OpenLDAP's
authentication behaviour or can at least be stored in userPassword.

J

-- 
Joshua Goodall                           "as modern as tomorrow afternoon"
joshua at roughtrade.net                                       - FW109



More information about the dovecot mailing list