SASL登录身份验证失败: UGFzc3dvcmQ6
SASL登录身份验证失败: UGFzc3dvcmQ6
提问于 2016-09-12 07:15:35
CentOS6.6,后缀,dovecot 2.0.9和MySQL 5.1.73
dovecot配置(/etc/dovecot/dovecot-sql.conf.ext):
driver = mysql
connect = host=127.0.0.1 dbname=postfix user=root password=lingo
default_pass_scheme = SHA512
password_query = SELECT email as user, password FROM virtual_user WHERE email='%u';MySQL数据库:
mysql> SELECT email as user, password FROM virtual_user WHERE email='lingo.lin1@radicasys.com';
+--------------------------+------------------------------------------------------------------------------------------------------------+
| user | password |
+--------------------------+------------------------------------------------------------------------------------------------------------+
| lingo.lin1@example.com | 0da3b4b0385c432a800ca15eae1a8485e5f7abad7b70b4e1c2b9cf15f68afd256cedb2029c6f7cec09e1221e6b10142081e1bb8e5c |
+--------------------------+------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)密码由commons-codec,Java代码生成:
System.out.println(DigestUtils.sha512Hex("lingo".getBytes()));
//print :0da3b4b0385c432a800ca15eae1a8485e5f7abad7b70b4e1c2b9cf15f68afd256cedb2029c6f7cec09e1221e6b10142081e1bb8e5c现在,我编写了一些Java代码来验证:
public static void sendEmail() throws EmailException, GeneralSecurityException {
SimpleEmail email = new SimpleEmail();
// smtp host
email.setHostName("192.168.15.139");
email.setSmtpPort(25);
email.setDebug(true);
// DigestUtils.sha512Hex("lingo".getBytes())
email.setAuthentication("lingo.lin1@example.com", "lingo");
email.setStartTLSEnabled(true);
MailSSLSocketFactory socketFactory = new MailSSLSocketFactory();
socketFactory.setTrustAllHosts(true);
Properties propsSSL = email.getMailSession().getProperties();
propsSSL.put("mail.smtp.port", "465");
propsSSL.put("mail.smtp.ssl.checkserveridentity", "false");
propsSSL.put("mail.smtp.ssl.socketFactory", socketFactory);
email.addTo("lingo.lin@qamail.rimanggis.com", "John Doe");
email.setFrom("lingo.lin@radicasys.com", "Me");
email.setSubject("Test message");
email.setMsg("This is a simple test of commons-email");
email.send();
System.out.println("success");
}
public static void main(String[] args) throws Exception {
SendEmailTest.sendEmail();
// System.out.println(DigestUtils.sha512Hex("lingo".getBytes()));
}但是,如果出现以下错误,则会失败:
Sep 12 13:30:51 localhost dovecot: auth: Debug: sql(lingo.lin1@radicasys.com,192.168.15.243): query: SELECT email as user, password FROM virtual_user WHERE email='lingo.lin1@radicasys.com';
Sep 12 13:30:51 localhost dovecot: auth: Error: sql(lingo.lin1@radicasys.com,192.168.15.243): Password in passdb is not in expected scheme SHA512
Sep 12 13:30:53 localhost postfix/smtpd[1872]: warning: unknown[192.168.15.243]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep 12 13:30:53 localhost dovecot: auth: Debug: client out: FAIL#0115#011user=lingo.lin1@radicasys.com
Sep 12 13:30:53 localhost postfix/smtpd[1872]: lost connection after AUTH from unknown[192.168.15.243]
Sep 12 13:30:53 localhost postfix/smtpd[1872]: disconnect from unknown[192.168.15.243]如何修复身份验证?
回答 2
Stack Overflow用户
回答已采纳
发布于 2016-09-12 07:47:30
这是一个dovecot配置问题。Dovecot知道两个哈希编码,“传统”十六进制编码(即。SHA512.HEX)和Base64 64编码(即。SHA512.b64)。后者在Dovecot中作为字符串存储并默认使用时,空间效率更高。使用sha512、sha512.b64和sha512.hex编码生成哈希的示例:
$ doveadm pw -p lingo -s sha512
{SHA512}DaO0sDhcQyqADKFerhqEheX3q617cLThwrnPFfaK/SVs7bICnG987AnhIh5rEBQggeG7jlyAL7l+g8iTwo2GFA==
$ doveadm pw -p lingo -s sha512.b64
{SHA512.b64}DaO0sDhcQyqADKFerhqEheX3q617cLThwrnPFfaK/SVs7bICnG987AnhIh5rEBQggeG7jlyAL7l+g8iTwo2GFA==
$ doveadm pw -p lingo -s sha512.hex
{SHA512.HEX}0da3b4b0385c432a800ca15eae1a8485e5f7abad7b70b4e1c2b9cf15f68afd256cedb2029c6f7cec09e1221e6b10142081e1bb8e5c802fb97e83c893c28d8614如果在Java中创建十六进制编码的密码散列,请使用default_pass_scheme = SHA512.HEX。更好的解决方案是使用Dovecot的{SCHEME}hash编码,而不是设置default_pass_scheme:这样做,以后您可以轻松地更改/升级哈希方法,而无需立即使所有用户的密码无效。您在此方案中使用的散列示例:
{SHA512.hex}0da3b4b0385c432a800ca15eae1a8485e5f7abad7b70b4e1c2b9cf15f68afd256cedb2029c6f7cec09e1221e6b10142081e1bb8e5c最后:密码的简单散列永远不会保存,在使用大型SHA512散列时也是如此。不要存储未加盐的密码散列,如果数据库泄漏,您很容易受到彩虹表攻击。
Stack Overflow用户
发布于 2016-09-12 09:18:36
我通过以下代码生成:
private String SHA(final String strText, final String strType) {
String strResult = null;
if (strText != null && strText.length() > 0) {
try {
MessageDigest messageDigest = MessageDigest.getInstance(strType);
messageDigest.update(strText.getBytes());
byte byteBuffer[] = messageDigest.digest();
StringBuffer strHexString = new StringBuffer();
for (int i = 0; i < byteBuffer.length; i++) {
String hex = Integer.toHexString(0xff & byteBuffer[i]);
if (hex.length() == 1) {
strHexString.append('0');
}
strHexString.append(hex);
}
strResult = strHexString.toString();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
return strResult;
}
public static void main(String[] args) {
EncryptUtils et=new EncryptUtils();
String pas=et.SHA512("lingo");
System.out.println("{SHA512.HEX}"+pas);
}页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/39445102
复制相关文章
相似问题
腾讯云开发者
