[Dovecot] checkpassword auth issues

Tim Traver tt-list at simplenet.com
Mon Jan 19 22:17:17 EET 2009 

Hi,

ok, I'm am developing a new solution that includes dovecot, and will be
wanting to use the latest sieve implementation, so I have chosen to
start with 1.2 as the base.

I had a working install of 1.1.8 installed, and got a checkpassword
setup working properly with it to authenticate a user. I used the passdb
to call checkpassword, and the prefetch userdb to tell it to use the
values that I sent back from the checkpassword script...

I compiled and installed 1.2.alpha5, and now my checkpassword does not
seem to be working, and I can't figure out why. If I go back and install
1.1.8, it all works again...

here is the dovecot -n :
[root at mta3 /local/logs]# dovecot -n
# 1.2.alpha5: /usr/local/etc/dovecot.conf
# OS: FreeBSD 7.0-STABLE i386
log_path: /local/logs/dovecot.errors
protocols: imap imaps pop3 pop3s
disable_plaintext_auth: no
login_dir: /usr/local/var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
verbose_proctitle: yes
first_valid_uid: 100
mail_uid: 100
mail_gid: 100
mail_location: maildir:%h/Maildir
mail_debug: yes
mmap_disable: yes
mail_nfs_storage: yes
mail_nfs_index: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  username_translation: %@
  username_format: %Lu
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: checkpassword
    args: /bin/checkpassword
  userdb:
    driver: prefetch

and here is a snip of the logs that I get when trying to log in :
dovecot: Jan 19 11:37:47 Info: auth(default): client in: AUTH   1      
PLAIN   service=imap    secured lip=209.132.1.203      
rip=209.132.9.162       lport=993       rport=1053
dovecot: Jan 19 11:37:47 Info: auth(default): client out: CONT  1
dovecot: Jan 19 11:37:47 Info: auth(default): client in: CONT   1      
AHRpbUBtdGEzLnNjYWxlZHN5c3RlbXMuY29tAENvbGRTdW4x
dovecot: Jan 19 11:37:47 Info: auth(default):
checkpassword(tim at mta3.scaledsystems.com,209.132.9.162): execute:
/bin/checkpassword /usr/local/libexec/dovecot/checkpassword-reply
dovecot: Jan 19 11:37:47 Info: auth(default):
checkpassword(tim at mta3.scaledsystems.com,209.132.9.162): Received input:
user=tim at mta3.scaledsystems.com 
userdb_home=/home/mailboxes/data/30/tim at mta3.scaledsystems.com 
userdb_uid=100  userdb_gid=100
dovecot: Jan 19 11:37:47 Info: auth(default):
checkpassword(tim at mta3.scaledsystems.com,209.132.9.162): Received no input
dovecot: Jan 19 11:37:47 Info: auth(default):
checkpassword(tim at mta3.scaledsystems.com,209.132.9.162): exit_status=2
dovecot: Jan 19 11:37:47 Error: auth(default):
checkpassword(tim at mta3.scaledsystems.com,209.132.9.162): Child 43345
exited with status 2

As you can see, the checkpassword routine is indeed sending outthe
userdb_home variable as well as the other necessary variables.

Is it possible that checks for the return code from calling the
checkpassword script have changed between the versions??? I currently
exit the checkpassword script with _exit(0); to make the status 0 when
it is successful, and I also set the AUTHORIZED environment variable to
"2" as told...

wierd thing is that it works in 1.1.8, but not in 1.2

Thanks,

Tim.

More information about the dovecot mailing list