1 Topic by amachils (edited by amachils 2015-01-20 22:32:22)

  • amachils
  • Member
  • Offline
  • Registered: 2014-07-31
  • Posts: 3

Topic: Encrypted passwords

==== Required information ====
- iRedMail version: 0.8.7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MYSQL
- Linux/BSD distribution name and version: Debian 7
- Related log if you're reporting an issue:
====

I have been using iRedMail for some time and just now enhanced it with a SOGo install on top of iRedMail and this works wonderfully. Just to SOGo ActiveSync component is not working very well, well it works, but it seems very slow.... I also managed to get it to 'talk' STARTTLS exclusivly, but what I can't seem to be able to figure out is how I can change the plain passwords into encrypted, so CRAM-MD5. Some articles I can find on the web refer to a wiki about this, but I can't seem to find that particular one. Can anyone help me and/or point me in the right direction?

Thanks in advance,

Angelo

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Encrypted passwords

If you want to change password to, for example, ssha with SOGo, please add below setting in /etc/sogo/sogo.conf, inside SOGoUserResources = () block:

            userPasswordAlgorithm = ssha;                                                                                     
            prependPasswordScheme = YES;

If you want to change password with iRedAdmin-Pro, you can set below parameter in iRedAdmin-Pro config file 'settings.py' (/usr/share/apache2/iredadmin/settings.py on Debian/Ubuntu):

DEFAULT_PASSWORD_SCHEME = 'SSHA'

iRedAdmin-Pro supports several password schemes, search 'DEFAULT_PASSWORD_SCHEME' in file 'libs/default_settings.py' in iRedAdmin-Pro directory for more details.

By the way, if you're running OpenLDAP backend, you can also add multiple passwords for one user with below setting:

DEFAULT_PASSWORD_SCHEME = 'SSHA+CRAM-MD5'

3 Reply by amachils (edited by amachils 2015-01-20 22:48:01)

  • amachils
  • Member
  • Offline
  • Registered: 2014-07-31
  • Posts: 3

Re: Encrypted passwords

ZhangHuangbin wrote:

If you want to change password to, for example, ssha with SOGo, please add below setting in /etc/sogo/sogo.conf, inside SOGoUserResources = () block:

            userPasswordAlgorithm = ssha;                                                                                     
            prependPasswordScheme = YES;

If you want to change password with iRedAdmin-Pro, you can set below parameter in iRedAdmin-Pro config file 'settings.py' (/usr/share/apache2/iredadmin/settings.py on Debian/Ubuntu):

DEFAULT_PASSWORD_SCHEME = 'SSHA'

iRedAdmin-Pro supports several password schemes, search 'DEFAULT_PASSWORD_SCHEME' in file 'libs/default_settings.py' in iRedAdmin-Pro directory for more details.

By the way, if you're running OpenLDAP backend, you can also add multiple passwords for one user with below setting:

DEFAULT_PASSWORD_SCHEME = 'SSHA+CRAM-MD5'

Thank you for that quick reply. My questions was more concerning how I can make this happen for imap (Dovecot) and smtp (Postfix). The manuals I find for this to do it manually don't seem to work. For example, Thunderbird can see that Dovecot is using encrypted passwords, but can't seem to login.

This is a home mailserver, so I'm not running the Pro version of iRedMail.

I'm not using LDAP, but MYSQL.

Regards, Angelo

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Encrypted passwords

If you use IMAP/SMTP over TLS, your password is transferred securely.

5 Reply by amachils

  • amachils
  • Member
  • Offline
  • Registered: 2014-07-31
  • Posts: 3

Re: Encrypted passwords

ZhangHuangbin wrote:

If you use IMAP/SMTP over TLS, your password is transferred securely.

So there would be no need for CRAM-MD5 encrypted passwords?!

Okay, thank you very much.

Regards, Angelo

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Encrypted passwords

amachils wrote:

So there would be no need for CRAM-MD5 encrypted passwords?!

If you use TLS (or SSL) for secure connection (e.g. POP3/IMAP/SMTP over TLS), then yes.