BUG: nopassword doesn't work with CRAM-MD5
Arkadiusz Miśkiewicz
arekm at maven.pl
Thu Nov 17 08:30:44 UTC 2016
On Thursday 17 of November 2016, Aki Tuomi wrote:
> On 17.11.2016 10:14, Arkadiusz Miśkiewicz wrote:
> > Hello.
> >
> > dovecot 2.2.26.0
> >
> > When testing nopassword extra field
> > (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5
> > dovecot doesn't allow any password (while it should) and returns
> >
> > " Authentication failed"
> >
> > while in logs:
> >
> > Nov 17 08:22:34 auth-worker(1551): Info:
> > sql(pepe,127.0.0.1,<Y8amDXpBptV/AAAB>): Requested CRAM-MD5 scheme, but we
> > have a NULL password
> >
> > NULL is there because our sql query returns empty password just like wiki
> > says "nopassword: you want to allow all passwords, use an empty
> > password and this field. "
> >
> >
> > If password is returned in sql query then it fails, too:
> >
> > Nov 17 09:00:49 auth-worker(2206): Error:
> > sql(pepe,127.0.0.1,<eO5vlnpBtNd/AAAB>): nopassword set but password is
> > non- empty
> >
> > So looks to be a bug.
>
> It's not a bug. CRAM-MD5 does in fact require *some* password to work,
Provide fake/random one for nopassword internally.
> you can either store it with doveadm pw -S CRAM-MD5 or as plain text
> password.
Then I get
> > sql(pepe,127.0.0.1,<eO5vlnpBtNd/AAAB>): nopassword set but password is
> > non- empty
So that doesn't help
btw. doveadm pw -S is not documented, so no idea what it does
> Aki
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
More information about the dovecot
mailing list