Loading ...
Sorry, an error occurred while loading the content.

Password mismatch. Might the md5usm be wrong?

Expand Messages
  • Dotan Cohen
    On an Ubuntu Server 12.04 system with Dovecot 2.0.19 I am having some trouble with the Dovecot passwords. I am finding this in the logs when I unsuccessfully
    Message 1 of 4 , Jul 7, 2013
    • 0 Attachment
      On an Ubuntu Server 12.04 system with Dovecot 2.0.19 I am having some
      trouble with the Dovecot passwords. I am finding this in the logs when
      I unsuccessfully try to log in:

      Jul 07 08:13:25 auth-worker: Debug:
      pam(user@...,212.
      179.241.14): lookup service=dovecot
      Jul 07 08:13:25 auth-worker: Debug:
      pam(user@...,212.179.241.14): #1/1 style=1 msg=Password:
      Jul 07 08:13:27 auth-worker: Info:
      pam(user@...,212.179.241.14): pam_authenticate() failed:
      Authentication failure (password mismatch?) (given password: 12345)
      Jul 07 08:13:29 auth: Debug: client out: FAIL 2 user=user@...
      Jul 07 08:13:29 pop3-login: Info: Disconnected (auth failed, 2
      attempts): user=<user@...>, method=PLAIN,
      rip=212.179.241.14, lip=10.138.11.251

      This is not the real password, but an example to show that I think
      that there is an issue:
      $ /usr/bin/doveadm pw -u user@... -s DIGEST-MD5
      Enter new password: # Here I have typed "12345"
      Retype new password: # Here I have typed "12345"
      {DIGEST-MD5}f4e442b0dec5009eaa8b9b4104923edc
      $ printf "12345" | md5sum
      827ccb0eea8a706c4c34a16891f84e7b -
      $

      Shouldn't that password match the md5sum check? Also, might I have the
      file formats wrong?
      $ cat passwd
      user@...::5000:5000::/var/mail/vhosts/someDomain.com/user
      $ cat shadow
      user@...:{DIGEST-MD5}f4e442b0dec5009eaa8b9b4104923edc
      $

      Thanks!

      --
      Dotan Cohen

      http://gibberish.co.il
      http://what-is-what.com
    • Dotan Cohen
      Note that testing in Telnet fails the password as well, both when specifying the user without a domain and with a domain: $ telnet mail.someDomain.com 143
      Message 2 of 4 , Jul 7, 2013
      • 0 Attachment
        Note that testing in Telnet fails the password as well, both when
        specifying the user without a domain and with a domain:

        $ telnet mail.someDomain.com 143
        Trying x.x.x.x...
        Connected to mail.someDomain.com.
        Escape character is '^]'.
        * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
        IDLE AUTH=PLAIN] Dovecot ready.
        a login user 12345
        a NO [AUTHENTICATIONFAILED] Authentication failed.
        e logout
        * BYE Logging out
        e OK Logout completed.
        Connection closed by foreign host.
        $ telnet mail.someDomain.com 143
        Trying x.x.x.x...
        Connected to mail.someDomain.com.
        Escape character is '^]'.
        * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
        IDLE AUTH=PLAIN] Dovecot ready.
        a login user@... 12345
        a NO [AUTHENTICATIONFAILED] Authentication failed.
        * BAD Error in IMAP command received by server.
        e logout
        * BYE Logging out
        e OK Logout completed.
        Connection closed by foreign host.
        $

        --
        Dotan Cohen

        http://gibberish.co.il
        http://what-is-what.com
      • Mark Alan
        On Sun, 7 Jul 2013 11:29:55 +0300, Dotan Cohen ... The best place for this question is the Dovecot mailing list. That said, as a hint
        Message 3 of 4 , Jul 7, 2013
        • 0 Attachment
          On Sun, 7 Jul 2013 11:29:55 +0300, Dotan Cohen <dotancohen@...>
          wrote:
          > On an Ubuntu Server 12.04 system with Dovecot 2.0.19 I am having some
          >
          > $ /usr/bin/doveadm pw -u user@... -s DIGEST-MD5
          > Enter new password: # Here I have typed "12345"
          > {DIGEST-MD5}f4e442b0dec5009eaa8b9b4104923edc
          > $ printf "12345" | md5sum
          > 827ccb0eea8a706c4c34a16891f84e7b -
          >
          > Shouldn't that password match the md5sum check? Also, might I have the
          > file formats wrong?

          The best place for this question is the Dovecot mailing list.

          That said, as a hint you should look at:
          http://wiki2.dovecot.org/Tools/Doveadm/Pw

          While at that page, if go to the part about '-u user' it clearly reads:
          'When the DIGEST-MD5 scheme is used, also the user name must be
          given, because the user name is a part of the generated hash.'

          Where in 'printf "12345" | md5sum', is that (required) user name?

          M.
        • Dotan Cohen
          ... Wow, Mark, you re right! I m sorry, I ve been googling at this for quite a while and my judgement must be impaired! ... I see, thanks. That alleviates that
          Message 4 of 4 , Jul 7, 2013
          • 0 Attachment
            On Sun, Jul 7, 2013 at 12:39 PM, Mark Alan <m6rkalan@...> wrote:
            > The best place for this question is the Dovecot mailing list.
            >

            Wow, Mark, you're right! I'm sorry, I've been googling at this for
            quite a while and my judgement must be impaired!


            > That said, as a hint you should look at:
            > http://wiki2.dovecot.org/Tools/Doveadm/Pw
            >
            > While at that page, if go to the part about '-u user' it clearly reads:
            > 'When the DIGEST-MD5 scheme is used, also the user name must be
            > given, because the user name is a part of the generated hash.'
            >
            > Where in 'printf "12345" | md5sum', is that (required) user name?
            >

            I see, thanks. That alleviates that issue! For curiosity's sake I
            tried to md5 hash the following, without being able to recreate the
            md5 hash as generated by doveadm:
            user:pass@...
            user@...:pass
            user@... pass

            --
            Dotan Cohen

            http://gibberish.co.il
            http://what-is-what.com
          Your message has been successfully submitted and would be delivered to recipients shortly.