This documentation is for Dovecot v1.x; see wiki2 for v2.x documentation.
Differences between revisions 6 and 9 (spanning 3 versions)
Revision 6 as of 2006-12-16 13:42:46, size 3203, editor TimoSirainen, no comment.
Revision 9 as of 2007-08-01 13:04:24, size 4564, editor TimoSirainen, no comment.
Deletions and additions were marked by styling in the original diff view; in each "Line N: Line M:" hunk below, the revision 6 text comes first, followed by the revision 9 text.
Line 3: Line 3:
Passwords can be stored in [wiki:PasswordDatabase password databases] in many different formats. Usually they should be stored encrypted just to make sure that if an attacker gets into your computer he can't easily read everyone's passwords. Password scheme means the format in which the password is stored in [:PasswordDatabase:password databases]. The most commonly used password schemes are:
Line 5: Line 5:
With non-plaintext [wiki:Authentication/Mechanisms authentication mechanisms] you either have to store the password in a mechanism-specific format (which is incompatible with all other auth mechanisms except plaintext ones), or you'll have to store the passwords as plaintext. Usually you don't have to worry about this if you don't want to, because most clients don't support anything else than plaintext authentication anyway. Encrypting the connection with SSL gives the necessary protection for the passwords.  * '''PLAIN''': Password is in plaintext.
 * '''CRYPT''': Traditional DES-crypted password in {{{/etc/passwd}}} (e.g. "pass" = {{{vpvKh.SaNbR6s}}})
  * Dovecot uses libc's {{{crypt()}}} function, which means that CRYPT usually is able to also decrypt MD5-CRYPT and possibly also other password schemes.
 * '''MD5-CRYPT''': MD5 based salted password hash nowadays commonly used in {{{/etc/shadow}}}. (e.g. "pass" = {{{$1$ozdpg0V0$0fb643pVsPtHVPX8mCZYW/}}})
   * '''MD5''': Alias for MD5-CRYPT. Dovecot versions earlier than v1.0.rc16 need to use this instead of MD5-CRYPT. This name is deprecated because MD5-CRYPT isn't an actual MD5 hash.
 * '''PLAIN-MD5''': An actual MD5 hash of the password. (e.g. "pass" = {{{1a1dc91c907325c69271ddf0c944bc72}}})
Line 7: Line 12:
With plaintext auth mechanisms it doesn't matter in which format the password is stored locally, because Dovecot will internally encrypt the sent plaintext password to match the storage scheme. Password databases have a default password scheme:
Line 9: Line 14:
Often you already have the passwords in some specific format, so the best idea is to just keep using them. Otherwise just pick one to use, for example SSHA.  * [:AuthDatabase/SQL:SQL]: See {{{default_pass_scheme}}} setting in {{{dovecot-sql.conf}}}
 * [:AuthDatabase/LDAP:LDAP]: See {{{default_pass_scheme}}} setting in {{{dovecot-ldap.conf}}}
 * [:AuthDatabase/PasswdFile:PasswdFile], [:AuthDatabase/Passwd:Passwd], [:PasswordDatabase/Shadow:Shadow], [:AuthDatabase/VPopMail:VPopMail]: CRYPT is used by default and can't be changed currently.
 * [:PasswordDatabase/PAM:PAM], [:PasswordDatabase/BSDAuth:BSDAuth], [:PasswordDatabase/CheckPassword:CheckPassword]: Dovecot never even sees the password with these databases, so Dovecot has nothing to do with what password scheme is used.
Line 11: Line 19:
Currently supported password schemes are: The password scheme can be overridden for each password by prefixing it with {SCHEME}, for example: {{{{PLAIN}pass}}}.
Line 13: Line 21:
 * CRYPT: DES-based encryption. This is how passwords are historically stored in `/etc/passwd`.
 * LANMAN: DES-based encryption. Used sometimes with NTLM mechanism.
Dovecot contains a {{{dovecotpw}}} utility which can be used to easily generate passwords for a wanted scheme.
Line 16: Line 23:
 * NTLM: MD4 sum of the password stored in hex. Used with NTLM mechanism. == What scheme to use? ==
Line 18: Line 25:
 * MD5-CRYPT: MD5 crypt. Another format historically used in `/etc/passwd` (v1.0.rc16 and later, for older use MD5)
  * MD5: Deprecated name for MD5-CRYPT. The password isn't really in a standard MD5 format (like PLAIN-MD5 is).
 * PLAIN-MD5: MD5 sum of the password stored in hex.
 * LDAP-MD5: MD5 sum of the password stored in base64.
 * SMD5: Salted MD5 sum of the password stored in base64.
 * CRAM-MD5: Use with CRAM-MD5 mechanism (v1.0.rc16 and later, for older use HMAC-MD5)
  * HMAC-MD5: Deprecated name for CRAM-MD5. The password isn't really in a standard HMAC-MD5 format.
 * DIGEST-MD5: Use with DIGEST-MD5 mechanism. The username is included in the hash, so it's not possible to use the hash for different usernames.
 * RPA: Use with RPA mechanism.
With most installations it doesn't really matter what scheme you're using. If you already have users with existing passwords, it's easiest to just keep using the same scheme. Otherwise just pick something strong enough, for example SSHA.
Line 28: Line 27:
 * SHA: SHA1 sum of the password stored in base64.
 * SSHA: Salted SHA1 sum of the password stored in base64.
The main idea behind storing passwords in non-plaintext scheme is that if an attacker gets access to your server, he can't easily just get all users' passwords and start using them. With stronger schemes it takes more time to crack the passwords.
Line 31: Line 29:
 * PLAIN: Password is in plaintext. == Non-plaintext authentication mechanisms ==
Line 33: Line 31:
Default password scheme can usually be specified for password database. You can override it by prefixing the password with {SCHEME}, for example `{PLAIN}password`. Note that not all [wiki:PasswordDatabase password databases] support changing the scheme. With some you might cause incompatibilities with other software using it (eg. [wiki:AuthDatabase/Passwd passwd], [wiki:PasswordDatabase/Shadow shadow]) and with others it simply isn't possible at all because of the way they work (eg. [wiki:PasswordDatabase/PAM PAM]). See ["Authentication/Mechanisms"] for explanation of auth mechanisms. Most installations use only plaintext mechanisms, so you can skip this section unless you know you want to use them.
Line 35: Line 33:
Dovecot contains a `dovecotpw` utility which can be used to easily generate passwords for wanted scheme. The problem with non-plaintext auth mechanisms is that the password must be stored either in plaintext, or using a mechanism-specific scheme that's incompatible with all other non-plaintext mechanisms. For example if you're going to use CRAM-MD5 authentication, the password needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in plaintext.
Line 37: Line 35:
For some schemes (eg. PLAIN-MD5, SHA) Dovecot is able to detect if the password hash is base64 or hex encoded, so both can be used. `dovecotpw` anyway generates the passwords using the encoding mentioned above. In future it's possible that Dovecot could support multiple passwords in different schemes for a single user.

== Supported schemes ==

'''PLAIN''', '''CRYPT''' and '''MD5-CRYPT''' schemes were explained above.

Non-plaintext mechanism specific schemes:

 * '''LANMAN''': DES-based encryption. Used sometimes with NTLM mechanism.
 * '''NTLM''': MD4 sum of the password stored in hex. Used with NTLM mechanism.
 * '''RPA''': Used with RPA mechanism.
 * '''CRAM-MD5''': Used with CRAM-MD5 mechanism (v1.0.rc16 and later, for older use HMAC-MD5)
  * '''HMAC-MD5''': Deprecated name for CRAM-MD5. The password isn't really in a standard HMAC-MD5 format.
 * '''DIGEST-MD5''': Used with [:Authentication/Mechanisms/DigestMD5:DIGEST-MD5 mechanism]. The username is included in the hash, so it's not possible to use the hash for different usernames.

MD5 based schemes:

 * '''PLAIN-MD5''': MD5 sum of the password stored in hex.
 * '''LDAP-MD5''': MD5 sum of the password stored in base64.
 * '''SMD5''': Salted MD5 sum of the password stored in base64.

SHA based schemes:

 * '''SHA''': SHA1 sum of the password stored in base64.
 * '''SSHA''': Salted SHA1 sum of the password stored in base64.
 * '''SHA256''': SHA256 sum of the password stored in base64. (v1.1 and later).

For some schemes (e.g. PLAIN-MD5, SHA) Dovecot is able to detect if the password hash is base64 or hex encoded, so both can be used. {{{dovecotpw}}} anyway generates the passwords using the encoding mentioned above.
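Review bot: the Line 5 and Line 7 hunks remove two points from revision 6 that the revision 9 text nowhere restores: that plaintext mechanisms work with any storage scheme because Dovecot hashes the received plaintext password itself, and that encrypting the connection with SSL is what protects a plaintext-authenticated password in transit. The new "Non-plaintext authentication mechanisms" section only explains the storage incompatibility, so a reader who takes its advice and stays with plaintext mechanisms (the common case it points to) loses the transport-protection caveat; suggest carrying "Encrypting the connection with SSL gives the necessary protection for the passwords." into "What scheme to use?" or into the new section. Minor: the Line 33 hunk also drops the warning that overriding the scheme with {SCHEME} can break other software sharing a passwd/shadow file; the new default-scheme list partly covers this with "CRYPT is used by default and can't be changed currently", which is acceptable.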

Password Schemes

Password scheme means the format in which the password is stored in [:PasswordDatabase:password databases]. The most commonly used password schemes are:

  • PLAIN: Password is in plaintext.

  • CRYPT: Traditional DES-crypted password in /etc/passwd (e.g. "pass" = vpvKh.SaNbR6s)

    • Dovecot uses libc's crypt() function, which means that CRYPT usually is also able to verify MD5-CRYPT and possibly other password schemes as well.

  • MD5-CRYPT: MD5 based salted password hash nowadays commonly used in /etc/shadow. (e.g. "pass" = $1$ozdpg0V0$0fb643pVsPtHVPX8mCZYW/)

    • MD5: Alias for MD5-CRYPT. Dovecot versions earlier than v1.0.rc16 need to use this instead of MD5-CRYPT. This name is deprecated because MD5-CRYPT isn't an actual MD5 hash.

  • PLAIN-MD5: An actual MD5 hash of the password. (e.g. "pass" = 1a1dc91c907325c69271ddf0c944bc72)

Password databases have a default password scheme:

  • [:AuthDatabase/SQL:SQL]: See default_pass_scheme setting in dovecot-sql.conf

  • [:AuthDatabase/LDAP:LDAP]: See default_pass_scheme setting in dovecot-ldap.conf

  • [:AuthDatabase/PasswdFile:PasswdFile], [:AuthDatabase/Passwd:Passwd], [:PasswordDatabase/Shadow:Shadow], [:AuthDatabase/VPopMail:VPopMail]: CRYPT is used by default and can't be changed currently.

  • [:PasswordDatabase/PAM:PAM], [:PasswordDatabase/BSDAuth:BSDAuth], [:PasswordDatabase/CheckPassword:CheckPassword]: Dovecot never even sees the password with these databases, so Dovecot has nothing to do with what password scheme is used.

The password scheme can be overridden for each password by prefixing it with {SCHEME}, for example: {PLAIN}pass.

Dovecot contains a dovecotpw utility which can be used to easily generate passwords for the wanted scheme.

What scheme to use?

With most installations it doesn't really matter what scheme you're using. If you already have users with existing passwords, it's easiest to just keep using the same scheme. Otherwise just pick something strong enough, for example SSHA.

The main idea behind storing passwords in a non-plaintext scheme is that if an attacker gets access to your server, he can't easily just get all users' passwords and start using them. With stronger schemes it takes more time to crack the passwords.

Non-plaintext authentication mechanisms

See ["Authentication/Mechanisms"] for explanation of auth mechanisms. Most installations use only plaintext mechanisms, so you can skip this section unless you know you want to use them.

The problem with non-plaintext auth mechanisms is that the password must be stored either in plaintext, or using a mechanism-specific scheme that's incompatible with all other non-plaintext mechanisms. For example, if you're going to use CRAM-MD5 authentication, the password needs to be stored in either the PLAIN or the CRAM-MD5 scheme. If you want to allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in plaintext.

In the future it's possible that Dovecot could support multiple passwords in different schemes for a single user.

Supported schemes

PLAIN, CRYPT and MD5-CRYPT schemes were explained above.

Non-plaintext mechanism specific schemes:

  • LANMAN: DES-based encryption. Used sometimes with NTLM mechanism.

  • NTLM: MD4 sum of the password stored in hex. Used with NTLM mechanism.

  • RPA: Used with RPA mechanism.

  • CRAM-MD5: Used with CRAM-MD5 mechanism (v1.0.rc16 and later, for older use HMAC-MD5)

    • HMAC-MD5: Deprecated name for CRAM-MD5. The password isn't really in a standard HMAC-MD5 format.

  • DIGEST-MD5: Used with [:Authentication/Mechanisms/DigestMD5:DIGEST-MD5 mechanism]. The username is included in the hash, so it's not possible to use the hash for different usernames.

MD5 based schemes:

  • PLAIN-MD5: MD5 sum of the password stored in hex.

  • LDAP-MD5: MD5 sum of the password stored in base64.

  • SMD5: Salted MD5 sum of the password stored in base64.

SHA based schemes:

  • SHA: SHA1 sum of the password stored in base64.

  • SSHA: Salted SHA1 sum of the password stored in base64.

  • SHA256: SHA256 sum of the password stored in base64. (v1.1 and later).

For some schemes (e.g. PLAIN-MD5, SHA) Dovecot is able to detect whether the password hash is base64 or hex encoded, so both can be used. dovecotpw always generates the passwords using the encoding mentioned above.
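As an added example (not code from the Dovecot project or from this page), a small Python verifier and generator for the {SCHEME} prefix convention and the digest-based schemes listed above: it honours a {SCHEME} prefix, otherwise falls back to a configurable default scheme the way default_pass_scheme does, accepts hex or base64 for the unsalted schemes, and handles the salted SMD5/SSHA layout (base64 of digest followed by salt). The function names, the 4-byte salt length in generate_salted, and the reuse of the page's "pass" test vector are this example's assumptions; CRYPT and the mechanism-specific schemes are out of scope here.

```python
import base64
import hashlib
import hmac
import os
# Unsalted schemes (PLAIN-MD5 stored in hex, the rest base64); either encoding is accepted.
UNSALTED = {"PLAIN-MD5": hashlib.md5, "LDAP-MD5": hashlib.md5,
            "SHA": hashlib.sha1, "SHA256": hashlib.sha256}
# Salted schemes store base64(digest(password + salt) + salt), LDAP style.
SALTED = {"SMD5": hashlib.md5, "SSHA": hashlib.sha1}

def split_scheme(stored, default="PLAIN"):
    """'{SCHEME}value' overrides the password database's default scheme."""
    if stored.startswith("{") and "}" in stored:
        scheme, _, value = stored[1:].partition("}")
        return scheme.upper(), value
    return default.upper(), stored

def decode_digest(value, digest_len):
    """Raw digest from hex (if it yields exactly one digest) or strict base64."""
    try:
        raw = bytes.fromhex(value)
        if len(raw) == digest_len:
            return raw
    except ValueError:
        pass
    return base64.b64decode(value, validate=True)

def verify(password, stored, default_scheme="PLAIN"):
    """Check a password against a stored value; a malformed value never matches."""
    scheme, value = split_scheme(stored, default_scheme)
    pw = password.encode()
    try:
        if scheme == "PLAIN":
            return hmac.compare_digest(pw, value.encode())
        if scheme in UNSALTED:
            want = UNSALTED[scheme](pw).digest()
            return hmac.compare_digest(want, decode_digest(value, len(want)))
        if scheme in SALTED:  # stored value is base64(digest || salt)
            blob = base64.b64decode(value, validate=True)
            want = SALTED[scheme](pw + blob[SALTED[scheme]().digest_size:]).digest()
            return hmac.compare_digest(want, blob[:len(want)])
    except ValueError:
        return False
    raise ValueError("unsupported scheme: " + scheme)

def generate_salted(password, scheme, salt=None):
    """Make an SMD5/SSHA value as dovecotpw would; the 4-byte salt length is assumed."""
    salt = os.urandom(4) if salt is None else salt
    digest = SALTED[scheme.upper()](password.encode() + salt).digest()
    return "{%s}%s" % (scheme.upper(), base64.b64encode(digest + salt).decode())
```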

Authentication/PasswordSchemes (last edited 2012-04-27 18:36:34 by bugeye)