{"id":1189,"date":"2017-02-24T10:51:31","date_gmt":"2017-02-24T15:51:31","guid":{"rendered":"http:\/\/easy-admin.ca\/?p=1189"},"modified":"2017-02-24T10:51:31","modified_gmt":"2017-02-24T15:51:31","slug":"cram-md5-authentication-for-dovecot","status":"publish","type":"post","link":"https:\/\/easy-admin.ca\/index.php\/2017\/02\/24\/cram-md5-authentication-for-dovecot\/","title":{"rendered":"CRAM-MD5 authentication for Dovecot"},"content":{"rendered":"

This entry documents the basic process for setting up CRAM-MD5 authentication for Dovecot. <\/span><\/span><\/p>\n

Firstly, you need to enable the mechanism and specify a passwd database file in Dovecot. The mechanism and passdb file are specified in the dovecot.conf<\/tt> configuration file, on a Red Hat or similar system this is located in the \/usr\/local\/etc\/<\/tt> directory. <\/span><\/span><\/p>\n

<\/span># Space separated list of wanted authentication mechanisms:\r\n<\/span># plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi\r\n<\/span>auth_mechanisms = plain login cram-md5\r\n<\/span>\r\n<\/span># passwd-like file with specified location \r\n<\/span>passdb { \r\n<\/span>  driver = passwd-file\r\n<\/span>  # Path for passwd-file. Also set the default password scheme.\r\n<\/span>  args = scheme=cram-md5 \/etc\/cram-md5.pwd \r\n<\/span>}<\/pre>\n
You see that I\u2019ve added the cram-md5 mechanism to the mechanisms<\/tt> statement and then added a passdb file, \/etc\/cram-md5.pwd<\/tt>. <\/span><\/span><\/p>\n
Next, you need to create this passdb file and set appropriate permissions. <\/span><\/span><\/p>\n
<\/span># touch \/etc\/cram-md5.pwd \r\n<\/span># chmod 0600 \/etc\/cram-md5.pwd<\/pre>\n
After creating the file you need to add your users and hashed passwords to the passdb file. The users and passwords are added in the format: <\/span><\/span><\/p>\n
<\/span>username:passwordhash<\/pre>\n
You can generate password hashes using “doveadm pw”: <\/span><\/span><\/p>\n
<\/span># doveadm pw\r\n<\/span>Enter new password: password\r\n<\/span>Retype new password: password\r\n<\/span>{CRAM-MD5}26b633ec8bf9dd526293c5897400bddeef9299fad<\/pre>\n
Enter the user\u2019s password when prompted and it will be converted and outputted as a hash. The default hashed output is in the CRAM-MD5 scheme. You can change the scheme of the outputted hashes using the -s<\/tt> command line switch. <\/span><\/span><\/p>\n
Now add the generated password to the passdb file, \/etc\/cram-md5.pwd<\/tt>. <\/span><\/span><\/p>\n
<\/span>username:26b633ec8bf9dd526293c5897400bddeef9299fad<\/pre>\n
Finally, restart Dovecot and test authentication by enabling the appropriate mechanism in your email client. For example, to enable CRAM-MD5 authentication in Thunderbird you need to check the \u201cUse secure authentication\u201d checkbox in the Account Settings page. <\/span><\/span><\/p>\n
I recommend that you also use TLS\/SSL to encrypt the authentication process as well.<\/p>\n","protected":false},"excerpt":{"rendered":"
This entry documents the basic process for setting up CRAM-MD5 authentication for Dovecot. Firstly, you need to enable the mechanism and specify a passwd database file in Dovecot. The mechanism and passdb file are specified in the dovecot.conf configuration file, on a Red Hat or similar system this is located in the \/usr\/local\/etc\/ directory. # … Continue reading CRAM-MD5 authentication for Dovecot<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"slim_seo":{"title":"CRAM-MD5 authentication for Dovecot - HP Server","description":"This entry documents the basic process for setting up CRAM-MD5 authentication for Dovecot. Firstly, you need to enable the mechanism and specify a passwd databa"},"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1189","post","type-post","status-publish","format-standard","hentry","category-general"],"_links":{"self":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/posts\/1189","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/comments?post=1189"}],"version-history":[{"count":0,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/posts\/1189\/revisions"}],"wp:attachment":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/media?parent=1189"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/categories?post=1189"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/tags?post=1189"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}