January 28, 20232 yr The migration guide mentions the password hashing algorithm Dovecot uses. Is anything known about Courier IMAP? My current authmysqlrc is: # cat /etc/courier/authmysqlrc | sed -e 's/^MYSQL_PASSWORD.*$/MYSQL_PASSWORD removed/' MYSQL_OPT 0 MYSQL_SERVER 127.0.0.1 MYSQL_USERNAME froxlor MYSQL_PASSWORD removed MYSQL_PORT 3306 MYSQL_DATABASE froxlor MYSQL_USER_TABLE mail_users MYSQL_CRYPT_PWFIELD password_enc MYSQL_UID_FIELD uid MYSQL_GID_FIELD gid MYSQL_LOGIN_FIELD username MYSQL_HOME_FIELD homedir MYSQL_MAILDIR_FIELD maildir MYSQL_QUOTA_FIELD (quota*1024*1024) MYSQL_AUXOPTIONS_FIELD CONCAT("allowimap=",imap,",allowpop3=",pop3) Because password_enc looks like $1$zEOfoobarB4hjtXhJqEH/ and contains a algorithm type, I guess that's why the migration guide says to disable the default scheme, and it will use the $1$ to detect it? Is it always $1$, or are there also newer algorithms that Courier doesn't like?
February 3, 20232 yr Author It didn't work. After the update, the password_enc field contains {MD5-CRYPT}, like {MD5-CRYPT}$1$IcUfpkfoobar. I created a DB view to strip that content: create view mail_users_backwards as select *, replace(password_enc, '{MD5-CRYPT}', '') as password_enc_old from mail_users; I then changed authmysqlrc to use mail_users_backwards and password_enc_old. Courier doesn't support that {MD5-CRYPT} string. I also don't know why it would be there, because the $1$ specifies enough?
February 9, 20232 yr This seems like a weird workaround. Is there a proper solution to this? Or is everyone expected to switch to Dovecot then?
February 9, 20232 yr Author The Dovecot docs say: Quote The password scheme can be overridden for each password by prefixing it with {SCHEME}, for example: {PLAIN}pass. But because the $1$, $2$, etc string is already in it, this seems unnecessary? My hack is incomplete BTW: when you change the password, it changes the scheme, like to {BLF-CRYPT}. But again, because it says "$2y$", why include an override?
Create an account or sign in to comment