This documentation is for Dovecot v1.x, see wiki2 for v2.x documentation.
Differences between revisions 24 and 29 (spanning 5 versions)
Revision 24 as of 2009-05-26 17:44:22
Size: 1479
Editor: TimoSirainen
Revision 29 as of 2013-06-26 14:53:36
Size: 1477
Editor: TimoSirainen

Authentication

Authentication is split into four parts:

  1. Authentication mechanisms

  2. Password schemes

  3. Password databases

  4. User databases

Authentication mechanisms vs. password schemes

Authentication mechanisms and password schemes are often confused, because they have somewhat similar values. For example, there is a PLAIN auth mechanism and a PLAIN password scheme, but they mean completely different things.

  • Authentication mechanism is a client/server protocol. It's about how the client and server talk to each other in order to perform the authentication. Most people use only PLAIN authentication, which basically means that the user and password are sent to the server without any kind of encryption. SSL/TLS can then be used to provide the encryption to make PLAIN authentication secure.

  • Password scheme is about how the password is hashed in your password database. If you use the PLAIN scheme, your passwords are stored in cleartext without any hashing in the password database. A popular password scheme is MD5-CRYPT (also commonly used in /etc/shadow), where passwords look like "$1$oDMXOrCA$plmv4yuMdGhL9xekM.q.I/".

  • Plaintext authentication mechanisms work with ALL password schemes.
  • Non-plaintext authentication mechanisms require either the PLAIN password scheme or a mechanism-specific password scheme.
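
The two rules above, shown as an added example (not Dovecot code and not part of the original page): the PLAIN mechanism verifies against any scheme, while a challenge-response mechanism needs the cleartext password. CRAM-MD5 (RFC 2195) is chosen here as the non-plaintext mechanism; the SALTED-SHA256 scheme name, the function names and the sample challenge are constructed for illustration, and the mechanism-specific scheme case is not shown.

```python
import hashlib
import hmac
import os

def store(scheme, password):
    """Return a password database entry as (scheme, stored_bytes)."""
    pw = password.encode()
    if scheme == "PLAIN":
        return (scheme, pw)                       # cleartext, no hashing
    salt = os.urandom(8)                          # SALTED-SHA256: constructed scheme
    return (scheme, salt + hashlib.sha256(salt + pw).digest())

def verify_plain_mechanism(entry, sent_password):
    """PLAIN mechanism: the server receives the password itself, so it
    can re-apply whatever scheme the database uses and compare."""
    scheme, data = entry
    pw = sent_password.encode()
    if scheme == "PLAIN":
        return hmac.compare_digest(data, pw)
    salt, digest = data[:8], data[8:]
    return hmac.compare_digest(digest, hashlib.sha256(salt + pw).digest())

def cram_md5_response(password, challenge):
    """Client side: the password never crosses the wire, only this digest."""
    return hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()

def verify_cram_md5(entry, challenge, response):
    """Server side: recomputing the digest needs the password as the HMAC key."""
    scheme, data = entry
    if scheme != "PLAIN":
        raise ValueError(f"{scheme} entry cannot be used for CRAM-MD5")
    expected = hmac.new(data, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    challenge = b"<1896.697170952@mail.example.org>"   # constructed sample
    plain, hashed = store("PLAIN", "s3cret"), store("SALTED-SHA256", "s3cret")
    print(verify_plain_mechanism(plain, "s3cret"), verify_plain_mechanism(hashed, "s3cret"))
    resp = cram_md5_response("s3cret", challenge)
    print(verify_cram_md5(plain, challenge, resp))
    try:
        verify_cram_md5(hashed, challenge, resp)
    except ValueError as exc:
        print("rejected:", exc)
```

The hashed entry is rejected for CRAM-MD5 because the server would have to invert the hash to obtain the HMAC key, which is why the choice of mechanism constrains how passwords can be stored.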

None: Authentication (last edited 2013-06-26 14:53:36 by TimoSirainen)