[lug] dovecot/PAM mix

Hugh Brown hugh at math.byu.edu
Sun Dec 31 19:13:19 MST 2006


D. Stimits wrote:
> D. Stimits wrote:
> 
>> It seems that dovecot does not support encrypted auth on linux via the 
>> basic out-of-the-box settings, due to using PAM, and PAM not 
>> supporting those auth methods (so really it's a PAM limit). Several 
>> options seem to exist, including postgresql, but some of the earlier 
>> comments about simplicity and recovery make the file option seem best. 
>> Would the separate password file be the simple route? I'm not sure how 
>> to maintain passwords in such a file, but all of the users involved 
>> have real system accounts already via /etc/passwd, perhaps there's a 
>> way to migrate or automate this?
>>
> 
> Just adding some info...I've upgraded it to the latest v. 1, and have it 
> set to use passwd-file, generating the password via dovecotpw. I set 
> mechanisms = "cram-md5 digest-md5", "protocols = imaps".
> 
> Mozilla still will not allow me to try to log in with secure auth only 
> setting, it tells me that the imap server does not support secure auth.  
> Anything anyone might suggest to test? auth_verbose is not helping, all 
> I get is
> dovecot: imap-login: Disconnected: rip=yyy.yyy.yyy.yyy, 
> lip=xxx.xxx.xxx.xxx, TLS
> (actual IPs changed)
> 
> D. Stimits, stimits AT comcast DOT net

There are two secure auth settings in Thunderbird/Mozilla.  The box that 
says "Use Secure Authentication" is actually intended for talking to MS 
Exchange (this is my memory from last time I had to deal with this, I 
can't seem to find useful info about this option now).  All that you 
need for imaps is to tell Thunderbird/Mozilla to use TLS/SSL and the 
right port number.

I'd also try using openssl's s_client to do a test connection (similar 
to using telnet to 143 and doing an IMAP session by hand).

Hugh
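
The s_client test suggested above, as an added example that is not part of the original message: it sends CAPABILITY over an imaps connection and lists the AUTH= mechanisms the server advertises, which shows whether the cram-md5 and digest-md5 mechanisms from the dovecot configuration are actually being offered. The function names, the host argument and the sample greeting are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list the SASL mechanisms an IMAP server advertises.

# Read IMAP server output on stdin; print one advertised AUTH mechanism
# per line, upper-cased and de-duplicated. Handles CAPABILITY both in the
# greeting ("* OK [CAPABILITY ...]") and as an untagged response.
imap_auth_mechs() {
    tr -d '\r' | grep -i 'CAPABILITY' | tr ' ' '\n' |
        sed -n -e 's/]$//' -e 's/^[Aa][Uu][Tt][Hh]=//p' |
        tr '[:lower:]' '[:upper:]' | sort -u
}

# Succeed if mechanism $1 (case-insensitive) is advertised in stdin.
imap_has_mech() {
    want=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    imap_auth_mechs | grep -qxF "$want"
}

# Live check against imaps (implicit TLS on port 993), the s_client
# equivalent of "telnet to 143 and do the IMAP session by hand".
# $1 is the mail server host name (supplied by the caller).
imap_probe() {
    { printf 'a1 CAPABILITY\r\na2 LOGOUT\r\n'; sleep 2; } |
        openssl s_client -connect "$1:993" -quiet 2>/dev/null |
        imap_auth_mechs
}

# Constructed sample greeting, so the parser can be tried offline.
SAMPLE='* OK [CAPABILITY IMAP4rev1 SASL-IR AUTH=CRAM-MD5 AUTH=DIGEST-MD5] ready.'

if [ $# -gt 0 ]; then
    imap_probe "$1"                      # e.g. ./check.sh mail.example.org
else
    printf '%s\r\n' "$SAMPLE" | imap_auth_mechs
fi
```

If a mechanism set in the server configuration is missing from this list, the server is not offering it to clients.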