[Dovecot] auth_debug_passwords

Josh Gentry jgentry at swcp.com
Wed Feb 4 02:33:36 EET 2009


Hi.  I'm new to Dovecot and about to start using it in production.  In
the config file, I set the option, auth_debug_passwords, to yes.  I do
not see any failed passwords logged, however.  It did cause more verbose
authentication logging, but failed passwords are still hidden.

I have also set these options to yes, because I thought they might be
required for auth_debug_passwords to work:

auth_verbose = yes
auth_debug = yes

Here's an example of what I see with a failed login:

Feb  3 17:03:36 ebi5 dovecot: auth-worker(default):
pam(jkd,some IP): lookup service=dovecot
Feb  3 17:03:36 ebi5 dovecot: auth-worker(default):
pam(jkd,some IP): #1/1 style=1 msg=Password:
Feb  3 17:03:36 ebi5 dovecot: auth-worker(default):
pam(jkd,some IP): pam_authenticate() failed: authentication error
(password mismatch?)
Feb  3 17:03:38 ebi5 dovecot: auth(default): client out: FAIL	1
user=jkd
Feb  3 17:03:38 ebi5 dovecot: pop3-login: Aborted login (auth failed, 1
attempts): user=<jkd>, method=PLAIN, rip=some IP, lip=some IP

-------Version and config below----------

host:/var/log# dovecot --version
1.1.8

host:/var/log# dovecot -n
# 1.1.8: /usr/local/etc/dovecot.conf
# OS: FreeBSD 7.1-RELEASE-p2 i386  
base_dir: /var/run/dovecot/
protocols: imap imaps pop3 pop3s
ssl_cert_file: /etc/mail/certs/mail.ourdomain.com.pem
ssl_key_file: /etc/mail/certs/mail.ourdomain.com.pem
ssl_cipher_list: ALL:!LOW:!SSLv2
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
login_greeting_capability(default): yes
login_greeting_capability(imap): yes
login_greeting_capability(pop3): no
verbose_proctitle: yes
first_valid_uid: 1000
first_valid_gid: 100
mail_privileged_group: mail
mail_location: mbox:~/:INBOX=/var/mail/%u:INDEX=/var/dovecot/%u
mail_full_filesystem_access: yes
mmap_disable: yes
mail_nfs_storage: yes
mail_nfs_index: yes
lock_method: dotlock
mbox_lock_timeout: 120
dbox_rotate_days: 0
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
imap_client_workarounds(default): delay-newmail netscape-eoh tb-extra-mailbox-sep
imap_client_workarounds(imap): delay-newmail netscape-eoh tb-extra-mailbox-sep
imap_client_workarounds(pop3): 
pop3_reuse_xuidl(default): no
pop3_reuse_xuidl(imap): no
pop3_reuse_xuidl(pop3): yes
pop3_client_workarounds(default): 
pop3_client_workarounds(imap): 
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  mechanisms: plain login
  username_format: %Lu
  winbind_helper_path: /usr/local/bin/ntlm_auth
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: pam
    args: session=yes dovecot
  userdb:
    driver: passwd
    args: blocking=yes
  socket:
    type: listen
    client:
      path: /var/run/dovecot/auth-client
      mode: 432
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
host:/var/log# 

Thanks for any light you could shine on this problem.

Josh

-- 
Josh Gentry 
help at swcp.com * jgentry at swcp.com *  505-232-7992
Customer service in the 21st century.


More information about the dovecot mailing list