Password mismatch. Might the md5usm be wrong?

Dotan Cohen

Jul 7, 2013, 4:29:55 AM
On an Ubuntu Server 12.04 system with Dovecot 2.0.19 I am having some
trouble with the Dovecot passwords. I am finding this in the logs when
I unsuccessfully try to log in:

Jul 07 08:13:25 auth-worker: Debug: pam(us...@someDomain.com,212.179.241.14): lookup service=dovecot
Jul 07 08:13:25 auth-worker: Debug: pam(us...@someDomain.com,212.179.241.14): #1/1 style=1 msg=Password:
Jul 07 08:13:27 auth-worker: Info: pam(us...@someDomain.com,212.179.241.14): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: 12345)
Jul 07 08:13:29 auth: Debug: client out: FAIL 2 user=us...@someDomain.com
Jul 07 08:13:29 pop3-login: Info: Disconnected (auth failed, 2 attempts): user=<us...@someDomain.com>, method=PLAIN, rip=212.179.241.14, lip=10.138.11.251

This is not the real password, but an example to show that I think
that there is an issue:
$ /usr/bin/doveadm pw -u us...@someDomain.com -s DIGEST-MD5
Enter new password: # Here I have typed "12345"
Retype new password: # Here I have typed "12345"
{DIGEST-MD5}f4e442b0dec5009eaa8b9b4104923edc
$ printf "12345" | md5sum
827ccb0eea8a706c4c34a16891f84e7b -
$

Shouldn't that password match the md5sum check? Also, might I have the
file formats wrong?
$ cat passwd
us...@someDomain.com::5000:5000::/var/mail/vhosts/someDomain.com/user
$ cat shadow
us...@someDomain.com:{DIGEST-MD5}f4e442b0dec5009eaa8b9b4104923edc
$

Thanks!

--
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

Dotan Cohen

Jul 7, 2013, 4:50:48 AM
Note that testing in Telnet fails the password as well, both when
specifying the user without a domain and with a domain:

$ telnet mail.someDomain.com 143
Trying x.x.x.x...
Connected to mail.someDomain.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE AUTH=PLAIN] Dovecot ready.
a login user 12345
a NO [AUTHENTICATIONFAILED] Authentication failed.
e logout
* BYE Logging out
e OK Logout completed.
Connection closed by foreign host.
$ telnet mail.someDomain.com 143
Trying x.x.x.x...
Connected to mail.someDomain.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE AUTH=PLAIN] Dovecot ready.
a login us...@someDomain.com 12345
a NO [AUTHENTICATIONFAILED] Authentication failed.
* BAD Error in IMAP command received by server.
e logout
* BYE Logging out
e OK Logout completed.
Connection closed by foreign host.
$

Mark Alan

Jul 7, 2013, 5:39:41 AM
On Sun, 7 Jul 2013 11:29:55 +0300, Dotan Cohen <dotan...@gmail.com>
wrote:
> On an Ubuntu Server 12.04 system with Dovecot 2.0.19 I am having some
>
> $ /usr/bin/doveadm pw -u us...@someDomain.com -s DIGEST-MD5
> Enter new password: # Here I have typed "12345"
> {DIGEST-MD5}f4e442b0dec5009eaa8b9b4104923edc
> $ printf "12345" | md5sum
> 827ccb0eea8a706c4c34a16891f84e7b -
>
> Shouldn't that password match the md5sum check? Also, might I have the
> file formats wrong?

The best place for this question is the Dovecot mailing list.

That said, as a hint you should look at:
http://wiki2.dovecot.org/Tools/Doveadm/Pw

While at that page, if you go to the part about '-u user' it clearly reads:
'When the DIGEST-MD5 scheme is used, also the user name must be
given, because the user name is a part of the generated hash.'

Where in 'printf "12345" | md5sum', is that (required) user name?

M.

Dotan Cohen

Jul 7, 2013, 5:52:06 AM
On Sun, Jul 7, 2013 at 12:39 PM, Mark Alan <m6rk...@gmail.com> wrote:
> The best place for this question is the Dovecot mailing list.
>

Wow, Mark, you're right! I'm sorry, I've been googling at this for
quite a while and my judgement must be impaired!


> That said, as a hint you should look at:
> http://wiki2.dovecot.org/Tools/Doveadm/Pw
>
> While at that page, if you go to the part about '-u user' it clearly reads:
> 'When the DIGEST-MD5 scheme is used, also the user name must be
> given, because the user name is a part of the generated hash.'
>
> Where in 'printf "12345" | md5sum', is that (required) user name?
>

I see, thanks. That alleviates that issue! For curiosity's sake I
tried to md5 hash the following, without being able to recreate the
md5 hash as generated by doveadm:
user:pa...@someDomain.com
us...@someDomain.com:pass
us...@someDomain.com pass
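
Added example (not part of the thread): Dovecot's DIGEST-MD5 scheme stores the hex MD5 of the string user:realm:password, where the realm is the part of the login name after the @, so neither a plain md5sum of the password nor the three strings tried above can reproduce it. The login alice@example.test and the function names are constructed for illustration.

```python
import hashlib
import hmac


def plain_md5(password: str) -> str:
    """What `printf "12345" | md5sum` computes: MD5 of the password alone."""
    return hashlib.md5(password.encode()).hexdigest()


def dovecot_digest_md5(login: str, password: str) -> str:
    """Hex MD5 of 'user:realm:password'; the realm is the text after the
    first '@' in the login name (empty when there is no '@')."""
    user, _, realm = login.partition("@")
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()


def verify_entry(entry: str, password: str) -> bool:
    """Check a passwd-file style line 'login:{DIGEST-MD5}hex[:more fields]'
    against a candidate password."""
    fields = entry.strip().split(":")
    if len(fields) < 2:
        raise ValueError("expected at least login and password fields")
    login, stored = fields[0], fields[1]
    prefix = "{DIGEST-MD5}"
    if not stored.startswith(prefix):
        raise ValueError("not a DIGEST-MD5 entry")
    expected = dovecot_digest_md5(login, password)
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(expected, stored[len(prefix):].lower())


if __name__ == "__main__":
    # Constructed sample account; not the (elided) address from the thread.
    login, password = "alice@example.test", "12345"
    entry = f"{login}:{{DIGEST-MD5}}{dovecot_digest_md5(login, password)}"
    print("shadow line :", entry)
    print("plain md5   :", plain_md5(password))
    print("verifies    :", verify_entry(entry, password))
    # The hash is bound to the login name, so the same password under
    # another user or realm yields a different stored value.
    print("other realm :", dovecot_digest_md5("alice@other.test", password))
```

Because the user name and realm are hashed in, renaming an account or moving it to another domain invalidates a stored DIGEST-MD5 value even if the password is unchanged.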