[Dovecot] passwd authentication issues (ATTN: Petar)
Bruce Lane
kyrrin at bluefeathertech.com
Wed Jul 12 07:00:53 EEST 2006
Hi, Petar,
For whatever reason, I didn't see your most recent reply until I checked the web archives.
To answer your questions...
Is my dovecot running chrooted? Not that I know of. However, the option to (apparently) decide this is confusing at best. Here is what I have entered.
# chroot login process to the login_dir. Only reason not to do this is if you
# wish to run the whole Dovecot without roots.
# http://wiki.dovecot.org/Rootless
login_chroot = yes
Now, my guts tell me that this WILL make it run chrooted. However, reading the material at this link...
http://wiki.dovecot.org/Rootless
...says otherwise, and that setting this to 'no' would be making it run chrooted.
For reference, this is the process line from ps -aux|grep dovecot
root 3182 0.0 1.4 256 876 ? Ss Sun08PM 10:10.06 /usr/local/sbin/dovecot
Also, something else just turned up in the process list that I'm not sure I understand. Specifically...
root 1817 0.0 1.6 324 1056 ? S 8:53PM 0:00.19 dovecot-auth
dovecot 2191 0.0 3.0 256 1940 ? S 8:53PM 0:00.97 imap-login
root 3182 0.0 1.4 256 876 ? Ss Sun08PM 10:11.78 /usr/local/sbin/dovecot
dovecot 6333 0.0 3.0 256 1940 ? S 8:53PM 0:00.93 imap-login
dovecot 8133 0.0 3.0 256 1940 ? S 8:53PM 0:00.97 imap-login
dovecot 8397 0.0 3.0 256 1940 ? S 8:53PM 0:00.96 imap-login
dovecot 16144 0.0 3.0 256 1940 ? S 8:53PM 0:00.92 imap-login
This has me deeply confused. I'm not running IMAP, I'm not interested in running IMAP, I don't want anything to do with IMAP. However, there are five processes for imap-login. What gives?
On to your second question: Are /etc/pwd.db and /etc/spwd.db available? Yes, both are listed in the directory of /etc as follows.
-rw-r--r-- 1 root wheel 40960 Jul 9 09:56 /etc/pwd.db
-rw------- 1 root wheel 40960 Jul 9 09:56 /etc/spwd.db
featherweb: {41}
How "available" this makes them (I don't know what context you were asking in), I'm not sure. Just for giggles, I tried changing the permissions on spwd.db so that it was world-readable. Doing so had no effect. I still get password failure errors when I try to authenticate a pop3s connection from the client program.
One other question: Pegasus (the mail client) has two options for secure POP connections besides apop (which I've shelved for the moment): STLS and direct SSL connection. I've got it set to direct SSL at the moment. Does this sound right?
Looking forward to the next set of replies.
Thanks much.
-=-=-=-=-=-=-=-=-=-=-=-
Bruce Lane, Owner & Head Hardware Heavy,
Blue Feather Technologies -- http://www.bluefeathertech.com
kyrrin (at) bluefeathertech do/t c=o=m
"If Salvador Dali had owned a computer, would it have been equipped with surreal ports?"