[Dovecot] Proxy with MasterUser + Authentication issues

Cassidy B. Larson alandaluz at gmail.com
Fri Feb 16 00:19:08 UTC 2007 

>
>
> > Error: auth-worker(default): BUG: PASSV had invalid passdb ID
>
> Does this still happen with rc22?



Yes, I am still getting this.

Here is my situation. I am authenticating people out of MySQL on a proxy,
and relaying them to my storage servers.

proxy log:
Feb 15 17:05:59 dellio dovecot: auth(mail.infowest.com): client out: OK
1       user=user at host.com        host=204.17.177.250     destuser=
user at host.com*masteruser       nologin proxy   pass=secret

I get this in my logs on my storage server:
dovecot: Feb 15 17:05:59 Info: auth(default): client in: AUTH   1
PLAIN   service=POP3    lip=204.17.177.250      rip=204.17.177.30
resp=AGNhc3NpZHl0ZXN0QGluZm93ZXN0LmNvbSphZG1pbkBpbmZvd2VzdC5jb20Ac2VjcmV0
dovecot: Feb 15 17:05:59 Error: auth-worker(default): BUG: PASSV had invalid
passdb ID

Perhaps I am understanding how the whole MasterUser works right? But, I want
to authenticate the users at the proxy level so I can do SPA, then proxy it
off to my storage server for mailbox storage. On my proxy I simply return
the cleartext password from my password_query line for the authentication to
correctly complete. However, how is the correct 'master password' going to
get sent off to the "storage server"? Sure, I can append the master
username, and I do just fine.  But, how is the storage server supposed to
get the "master password" in addition?

On my storage server I have the following in dovecot.conf:
  passdb pam {
  }
  passdb sql {
    args = /usr/local/etc/dovecot-sql.conf
    master=yes
  }

Then within dovecot-sql.conf:
password_query = SELECT user, clearpasswd AS password FROM
authenticate.users WHERE '%u' = 'masteruser'

However, I am not seeing any SQL queries happen to try and verify the
user/pass for the masteruser.

The next funny thing is, if I have a password file, and have the
masteruser's password set in that password file to the same password as the
user that I am trying to proxy with, things work.  If the masteruser's
password in the password file is different, it doesnt work. So the question
is, how does the proxy send the password to use for the masteruser?

Thanks,

Cassidy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://dovecot.org/pipermail/dovecot/attachments/20070215/f9df20fb/attachment.html

More information about the dovecot mailing list