[Dovecot] auth_debug_passwords
Josh Gentry
jgentry at swcp.com
Wed Feb 4 02:33:36 EET 2009
Hi. I'm new to Dovecot and about to start using it in production. In
the config file, I set the option, auth_debug_passwords, to yes. I do
not see any failed passwords logged, however. It did cause more verbose
authentication logging, but failed passwords are still hidden.
I have also set these options to yes, because I thought they might be
required for auth_debug_passwords to work:
auth_verbose = yes
auth_debug = yes
Here's an example of what I see with a failed login:
Feb 3 17:03:36 ebi5 dovecot: auth-worker(default):
pam(jkd,some IP): lookup service=dovecot
Feb 3 17:03:36 ebi5 dovecot: auth-worker(default):
pam(jkd,some IP): #1/1 style=1 msg=Password:
Feb 3 17:03:36 ebi5 dovecot: auth-worker(default):
pam(jkd,some IP): pam_authenticate() failed: authentication error
(password mismatch?)
Feb 3 17:03:38 ebi5 dovecot: auth(default): client out: FAIL 1
user=jkd
Feb 3 17:03:38 ebi5 dovecot: pop3-login: Aborted login (auth failed, 1
attempts): user=<jkd>, method=PLAIN, rip=some IP, lip=some IP
-------Version and config below----------
host:/var/log# dovecot --version
1.1.8
host:/var/log# dovecot -n
# 1.1.8: /usr/local/etc/dovecot.conf
# OS: FreeBSD 7.1-RELEASE-p2 i386
base_dir: /var/run/dovecot/
protocols: imap imaps pop3 pop3s
ssl_cert_file: /etc/mail/certs/mail.ourdomain.com.pem
ssl_key_file: /etc/mail/certs/mail.ourdomain.com.pem
ssl_cipher_list: ALL:!LOW:!SSLv2
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
login_greeting_capability(default): yes
login_greeting_capability(imap): yes
login_greeting_capability(pop3): no
verbose_proctitle: yes
first_valid_uid: 1000
first_valid_gid: 100
mail_privileged_group: mail
mail_location: mbox:~/:INBOX=/var/mail/%u:INDEX=/var/dovecot/%u
mail_full_filesystem_access: yes
mmap_disable: yes
mail_nfs_storage: yes
mail_nfs_index: yes
lock_method: dotlock
mbox_lock_timeout: 120
dbox_rotate_days: 0
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
imap_client_workarounds(default): delay-newmail netscape-eoh tb-extra-mailbox-sep
imap_client_workarounds(imap): delay-newmail netscape-eoh tb-extra-mailbox-sep
imap_client_workarounds(pop3):
pop3_reuse_xuidl(default): no
pop3_reuse_xuidl(imap): no
pop3_reuse_xuidl(pop3): yes
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
mechanisms: plain login
username_format: %Lu
winbind_helper_path: /usr/local/bin/ntlm_auth
verbose: yes
debug: yes
debug_passwords: yes
passdb:
driver: pam
args: session=yes dovecot
userdb:
driver: passwd
args: blocking=yes
socket:
type: listen
client:
path: /var/run/dovecot/auth-client
mode: 432
master:
path: /var/run/dovecot/auth-master
mode: 384
host:/var/log#
Thanks for any light you could shine on this problem.
Josh
--
Josh Gentry
help at swcp.com * jgentry at swcp.com * 505-232-7992
Customer service in the 21st century.
More information about the dovecot
mailing list