LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
LinkBack Search this Thread
Old 07-20-2004, 01:48 PM   #1
lildrummerboy
LQ Newbie
 
Registered: Jun 2004
Distribution: Fedora Core 1
Posts: 21

Rep: Reputation: 15
dovecot / password


just set up dovecot,

I set up dovecot and all is well, but before I decide that I want to set something up outside of my network, are all passwords secure? should I only use new created users with no special permissions? I setup dovecot.conf with

auth = default

and in default {} the default value is md5-digest

but when I try to select that option with evolution I get this:"unable to connect to POP server $Server_Name: no support for requested authentication mechanism"and it will only work on evolution if I pick "password" for authentication. Just wondering, I guess if this sends passwords in plain text, or if it is encrypted and why I cant choose md5-digest option with evolution...maybe someone could help me here.
 
Old 07-20-2004, 03:12 PM   #2
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 3,988

Rep: Reputation: 261Reputation: 261Reputation: 261
I use dovecot with Mozilla mail, thunderbird, and HORDE IMP and I use plain as opposed to MD5 authentication. This means that passwords are encrypted with the standard crypt algoritm instead of with MD5 -- try that, it might work. Also, either the password or the encrypted hash is going to be sent in the clear unles you're using POP3/IMAP over SSL -- have you set up dovecot to work with SSL?
 
Old 07-20-2004, 03:45 PM   #3
lildrummerboy
LQ Newbie
 
Registered: Jun 2004
Distribution: Fedora Core 1
Posts: 21

Original Poster
Rep: Reputation: 15
I have tried plain it is the only way it works, but in evolution I pick password does it still get encrypted? and about ssl no i have considered that but dont know much about it...could you point me in the direction to learn about it, I would not like to buy stuff from verisign, but it still works with out getting authentictation certificate right?
How do I create public/private keys?
Is it really worth doing all that or does plain encrypt enough that I shouldn't have to worry 2 much about security?
Anyways if you could like I said point me in the right direction for doing this, that would be great, when you do though please keep in mind I know little to nothing about SSL.

I did read the documentation on dovecot though and mkcert.sh and i got the following error

error on line -1 of dovecot-openssl.cnf
6468:error:02001002:system library:fopen:No such file or directory:bss_file.c:104:fopen('dovecot-openssl.cnf','rb')
6468:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:107:
6468:error:0E064072:configuration file routines:CONF_load:no such file:conf_def.c:197:

also i am doing pop, server so in dovecot-openssl.cnf so i think i would have to change something there?

Last edited by lildrummerboy; 07-20-2004 at 03:55 PM.
 
Old 07-20-2004, 03:54 PM   #4
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 3,988

Rep: Reputation: 261Reputation: 261Reputation: 261
I am not sure whether the password gets encrypted in Evolution or at the server, but it doesn't particularly matter since it can just be sniffed off the wire and replayed either way. If your e-mail users also have shell access you really ought to go in for SSL. You don't need to pay VeriSign anything. In the doc directory of the dovecot source there is a script called mkcert.sh. You should edit the dovecot-openssl.cnf file and then run that script -- it will walk you through creating a SSL certificate. Then just enable pop3s and/or ipmaps (secure POP3/IMAP) in dovecot.conf, point it to the certificate, and you're set -- it's actually fairly easy. You'll need to tell your clients to trust your self-signed certificate.
 
Old 07-20-2004, 05:38 PM   #5
lildrummerboy
LQ Newbie
 
Registered: Jun 2004
Distribution: Fedora Core 1
Posts: 21

Original Poster
Rep: Reputation: 15
ok i havent tested it yet, but i believe it is working, I just want to make sure permissions for private key should be 600, read and writeable by root thats all and public key read by every1 and writable by root?
 
Old 07-20-2004, 05:53 PM   #6
lildrummerboy
LQ Newbie
 
Registered: Jun 2004
Distribution: Fedora Core 1
Posts: 21

Original Poster
Rep: Reputation: 15
ahh its not working...I saw certificate, though it didn't look very neat looking as far as what the output it gave me in evolution was, then when it asked for password it took a long time then finially returned this:

Error while 'Fetching Mail':
Unable to connect to POP server 192.168.2.4.
Error sending password: Unknown error

when I do nmap port 995/tcp is open which is pop3s.

+++++++++++++++++++++++++++++++++++++++++++++++++++++

nvm it is working now, dont ask what i did wrong I am not quite sure, I redid keys and played around with it and somehow got it to work, still would like to know why wierd format of certificate though

Last edited by lildrummerboy; 07-20-2004 at 06:13 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
selinux and dovecot Ammad Linux - Security 1 11-24-2005 10:38 PM
dovecot fc4 Ammad Linux - Networking 2 11-05-2005 09:27 PM
Postfix and Dovecot umbraeOtheisles Linux - Software 3 11-23-2004 07:36 AM
IMAP to dovecot GuitsBoy Linux - Software 0 11-22-2004 11:10 AM
Getting Dovecot working Q25 Linux - Software 0 09-23-2004 07:23 AM


All times are GMT -5. The time now is 02:03 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration