[Dovecot] auth failure with digest-md5

LeVA leva at az.isten.hu
Fri Aug 18 02:44:40 EEST 2006 

Hi!

I'm using:
Dovecot 1.0.beta8
OpenBSD 3.9
KMail 1.9.3


My password file contains only one user now. I've changed its password 
to a dumb one: 'asd' (so this is not a wrong password failure :)

I've configured the PLAIN and DIGEST-MD5 mechanisms in dovecot.conf, and 
I'm only using pop3.
Also I've turned on the verbose auth logging, and I'm attaching the logs 
inline. My password db contains the {DIGEST-MD5} prefixed password.
The problem is very simple but very weird.
I start the dovecot server and try to log in.
It succeeds, I'm happy.
But after one (the first) success, all further logins fails. Yes this a 
sometimes working/sometimes not problem, which is rare in this 
business...

Here is the log of the first success:

00:48:41 Info: auth(default): client in: AUTH 1 DIGEST-MD5 service=POP3 
secured lip=192.168.0.202 rip=192.168.0.3 resp=
<newline>
00:48:41 Info: auth(default): client out: CONT   1 
cmVhbG09IiIsbm9uY2U9ImJua2tUaHBDVURJblFENWRJZlgyb1E9PSIscW9wPSJhdXRoIixjaGFyc2V0PSJ1dGYtOCIsYWxnb3JpdGhtPSJtZDUtc2VzcyI=
<newline>
00:48:41 Info: auth(default): client in: CONT   1       
dXNlcm5hbWU9ImxldmEiLHJlYWxtPSIiLG5vbmNlPSJibmtrVGhwQ1VESW5RRDVkSWZYMm9RPT0iLGNub25jZT0iTy9MYndLMVo1dWc4ZURiT2wzaWlhN2ZsTUVTV3MvN1JSc05HL3JPbzhpND0iLG5jPTAwMDAwMDAxLHFvcD1hdXRoLGRpZ2VzdC11cmk9InBvcC8xOTIuMTY4LjAuMjAyIixyZXNwb25zZT0wYTQ3ZmUyNmVlMDg0MWE4ZDgzNTM3NzI5MzUxZmE3YQ==
<newline>
00:48:41 Info: auth(default): client out: CONT  1 
cnNwYXV0aD01MmQ1YTRlNTVhNWNiYzA0NDk2YTg5ODcyMDMwMGUxYw==
<newline>
00:48:41 Info: auth(default): client in: CONT   1
<newline>
00:48:41 Info: auth(default): client out: OK    1       user=username
<newline>
00:48:41 Info: auth(default): master in: REQUEST 9 15718   1
<newline>
00:48:41 Info: auth(default): master out: USER  9 username uid=6000 
gid=6000 home=/var/mail/virtual/username/./
<newline>
00:48:41 Info: pop3-login: Login: user=<username>, method=DIGEST-MD5, 
rip=192.168.0.3, lip=192.168.0.202, TLS
<newline>
00:48:41 Info: POP3(username): Disconnected: Logged out top=0/0, 
retr=0/0, del=0/0, size=0


And after that, every login fails:

00:49:28 Info: auth(default): client in: AUTH 1 DIGEST-MD5 service=POP3 
secured lip=192.168.0.202 rip=192.168.0.3 
resp=dXNlcm5hbWU9ImxldmEiLHJlYWxtPSIiLG5vbmNlPSJibmtrVGhwQ1VESW5RRDVkSWZYMm9RPT0iLGNub25jZT0iTy9MYndLMVo1dWc4ZURiT2wzaWlhN2ZsTUVTV3MvN1JSc05HL3JPbzhpND0iLG5jPTAwMDAwMDAyLHFvcD1hdXRoLGRpZ2VzdC11cmk9InBvcC8xOTIuMTY4LjAuMjAyIixyZXNwb25zZT0wMWRkMDNjYTcyMzBmMzM5YjRiY2NlM2VmMTcwMGU4Yw==
<newline>
00:49:28 Info: pop3-login: Aborted login: method=DIGEST-MD5, 
rip=192.168.0.3, lip=192.168.0.202, TLS
<newline>
00:49:28 Info: auth(default): passwd-file /etc/dovecot.passwd: Read 1 
users


I can notice that the second (the failure) log is shorter than the first 
(the success). Maybe something is missing from there.

The PLAIN auth mechanism is working, even after a failed DIGEST-MD5 
login. In fact the PLAIN login always works :)

Thanks!

Daniel

-- 
LeVA

More information about the dovecot mailing list