[Dovecot] Master user with "user="?

Alan Ferrency alan at pair.com
Tue Dec 16 19:16:54 EET 2008


Timo,

Thanks for your response.

On Sun, 14 Dec 2008, Timo Sirainen wrote:

> On Thu, 2008-11-20 at 15:42 -0500, Alan Ferrency wrote:
> > Hello,
> >
> > In our configuration, we are using a "passdb passwd-file", with
> > "user=" directives in each username, and a separate "userdb
> > passwd-file" which contains the target usernames for the "user="
> > directives.  This works fine, for normal logins via POP and IMAP.
> >
> > For customer support testing purposes, we also set up a temporary
> > "master=yes" passwd-file.  This works fine, for any passdb username
> > that does not have a "user=" field.
> >
> > However, it seems that if we use the master user to log into a
> > username that is in the passdb with a "user=" field, dovecot looks in
> > the userdb for the original username, and not for the "user="
> > username specified in the passdb passwd-file.
> >
> > Is this a known bug?  Maybe I'm doing something wrong?
>
> Works fine here with latest v1.1 code. Set auth_debug=yes and show me
> the logs when logging in? Also show dovecot -n output.

Here's a sample.  I've included dovecot -n and log output below.

A passwd-file entry in virtual.ip.passwd (see dovecot -n for the
passdb/userdb config):
park@10.2.1.1:<snip>:3393:1000::/usr/boxes/basicguy/basicguydomain.com:: user=park@basicguydomain.com

The corresponding passdb/userdb entry, in virtual.passwd:
park@basicguydomain.com:<snip- same passwd>:3393:1000::/usr/boxes/basicguy/basicguydomain.com::userdb_mail=mbox:~/park^/.imap:INBOX=~/park

The master user entry:
staff:{crypt}<snip>::::::allow_nets=<snip>

A sample telnet session, attempting to log in to the IP based staff username:

* OK Dovecot ready.
a login park@10.2.1.1*staff <snip>
* BYE Internal login failure. Refer to server log for more information.


The logs (below) indicate that the master user login succeeds, and then it
looks in both of the userdb files for the username "park@10.2.1.1".
However, this username never appears in the userdb files; instead, it
has a "user=" entry in the passdb file.

In researching this problem I became aware of an unrelated
configuration problem: I should also have a passdb entry for
virtual.ip.passwd without the username_format parameter.  However,
adding this entry makes no difference: after logging in with the
master user, dovecot still only checks in the userdb files and not the
passdb files anyway.

Should I include the virtual.ip.passwd file as a userdb file as well?
If I do, will dovecot follow the user= reference if it appears in a
userdb file?

Thank you for your help!

Alan Ferrency
pair Networks, Inc.
alan at pair.com


* Logs:

Dec 16 11:47:41 qenni dovecot: auth(default): client in: AUTH   1       PLAIN   service=imap    lip=<snip> rip=<snip>
       lport=143       rport=62216     resp=<hidden>
Dec 16 11:47:41 qenni dovecot: auth(default): passwd-file /usr/boxes/.passwd/master.user: Read 1 users
Dec 16 11:47:41 qenni dovecot: auth(default): passwd-file(staff,<snip>,master): lookup: user=staff file=/usr/boxes/.passwd/master.user
Dec 16 11:47:41 qenni dovecot: auth(default): auth(staff,<snip>,master): allow_nets: Matching for network <snip>
Dec 16 11:47:41 qenni dovecot: auth(default): passdb(staff,<snip>,master): Master user logging in as park@10.2.1.1
Dec 16 11:47:41 qenni dovecot: auth(default): client out: OK    1       user=park@10.2.1.1
Dec 16 11:47:41 qenni dovecot: auth(default): master in: REQUEST        3       96912   1
Dec 16 11:47:41 qenni dovecot: auth(default): passwd-file(park@10.2.1.1,<snip>): lookup: user=park@10.2.1.1 file=/usr/boxes/.passwd/virtual.passwd
Dec 16 11:47:41 qenni dovecot: auth(default): passwd-file(park@10.2.1.1,<snip>): unknown user
Dec 16 11:47:41 qenni dovecot: auth(default): passwd-file(park@10.2.1.1,<snip>): lookup: user=park@10.2.1.1 file=/usr/boxes/.passwd/master.passwd
Dec 16 11:47:41 qenni dovecot: auth(default): passwd-file(park@10.2.1.1,<snip>): unknown user
Dec 16 11:47:41 qenni dovecot: auth(default): userdb(park@10.2.1.1,<snip>): user not found from userdb
Dec 16 11:47:41 qenni dovecot: auth(default): master out: NOTFOUND      3
Dec 16 11:47:41 qenni dovecot: imap-login: Internal login failure (auth failed, 1 attempts): user=<park@10.2.1.1>, method=PLAIN, rip=<snip>, lip=<snip>


* dovecot -n

# 1.1.6: /etc/postfix/dovecot.conf
# OS: FreeBSD 6.2-RELEASE-p12 i386
base_dir: /var/run/dovecot
protocols: imap imaps pop3 pop3s
ssl_cert_file: /usr/local/ssl/certs/imapd-ssl.pem
ssl_key_file: /usr/local/ssl/certs/imapd-ssl.pem
ssl_cipher_list: ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:!SSLv2
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
fsync_disable: yes
mbox_read_locks: flock
mbox_write_locks: flock
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugins(default): pair_relay quota imap_quota
mail_plugins(imap): pair_relay quota imap_quota
mail_plugins(pop3): pair_relay quota
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
imap_client_workarounds(default): outlook-idle tb-extra-mailbox-sep
imap_client_workarounds(imap): outlook-idle tb-extra-mailbox-sep
imap_client_workarounds(pop3):
pop3_no_flag_updates: yes
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  mechanisms: plain login
  master_user_separator: *
  passdb:
    driver: passwd-file
    args: /usr/boxes/.passwd/virtual.passwd
  passdb:
    driver: passwd-file
    args: username_format=%n@%l /usr/boxes/.passwd/virtual.ip.passwd
  passdb:
    driver: passwd-file
    args: /usr/boxes/.passwd/master.passwd
  passdb:
    driver: passwd-file
    args: /usr/boxes/.passwd/master.user
    master: yes
  userdb:
    driver: passwd-file
    args: /usr/boxes/.passwd/virtual.passwd
  userdb:
    driver: passwd-file
    args: /usr/boxes/.passwd/master.passwd
  socket:
    type: listen
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
      user: vmail
      group: users
plugin:
  PAIR_RELAY_PACKET: %u %l %r
  PAIR_RELAY_INTERVAL: 1800
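
Added example, not part of the original message and not Dovecot code: a small audit of the passwd-file layout described above, listing which passdb login names reach a userdb entry only through a "user=" rewrite, since those are the names the master-user login in the post failed on. The sample entries are constructed from the ones quoted in the message (the archive renders "@" as " at "), with passwords replaced by the placeholder "x" and one hypothetical "ghost" entry added.

```python
# Added example (not from the post or from Dovecot): audit passwd-file logins
# against the userdb names. Sample entries are constructed from the post.

def parse_passwd_file(text):
    """Map login -> extra fields for user:pass:uid:gid:gecos:home:shell:extra lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 7)        # 8th field may itself contain ':'
        fields += [""] * (8 - len(fields))
        # Extra fields are space-separated key=value pairs.
        entries[fields[0]] = dict(kv.split("=", 1) for kv in fields[7].split() if "=" in kv)
    return entries

def audit(passdb, userdb):
    """Classify how each passdb login name reaches a userdb entry."""
    report = {}
    for login, extra in passdb.items():
        if login in userdb:
            report[login] = "direct"
        elif extra.get("user") in userdb:
            # Found only after the passdb's user= rewrite; in the post, a
            # master-user login looked up the original name and got NOTFOUND.
            report[login] = "needs-user-rewrite"
        else:
            report[login] = "unresolvable"
    return report

# Constructed sample data; passwords replaced by the placeholder "x".
VIRTUAL_IP_PASSWD = """\
park@10.2.1.1:x:3393:1000::/usr/boxes/basicguy/basicguydomain.com:: user=park@basicguydomain.com
ghost@10.2.1.1:x:3393:1000::/usr/boxes/basicguy/basicguydomain.com:: user=ghost@nowhere.example
"""
VIRTUAL_PASSWD = """\
park@basicguydomain.com:x:3393:1000::/usr/boxes/basicguy/basicguydomain.com::userdb_mail=mbox:~/park^/.imap:INBOX=~/park
"""

def run_audit():
    """Run the audit over the constructed sample files."""
    passdb = {**parse_passwd_file(VIRTUAL_PASSWD), **parse_passwd_file(VIRTUAL_IP_PASSWD)}
    return audit(passdb, parse_passwd_file(VIRTUAL_PASSWD))

if __name__ == "__main__":
    for login, status in sorted(run_audit().items()):
        print(f"{login}: {status}")
```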


