question on auth cache parameters [Bug]
Matthias Lay
matthias.lay at securepoint.de
Mon Aug 31 13:02:01 UTC 2015
hi again,
On Thu, 27 Aug 2015 14:37:59 +0300
Teemu Huovila <teemu.huovila at dovecot.fi> wrote:
>
> However, I am unable to reproduce this. Could you post your doveconf
> -n please? I'm especially interested in your passdb and userdb
> configurations and auth-cache settings.
>
just reproduced the bug with a fresh, clean 2.2.18 install:
LDAP userdb and 2 master users with the ACL_GROUPS attribute in the passwd file.
env output in imap-postlogin:
first login:
AUTH_TOKEN=4adba75022f765fc3215ac5243337fd99adfdbf5
MASTER_USER=master2
SPUSER=private/johnd
LOCAL_IP=127.0.0.1
USER=johnd
AUTH_USER=master2
PWD=/run/dovecot
USERDB_KEYS=ACL_GROUPS HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER
SHLVL=1
HOME=/home/vmail/private/johnd
ACL_GROUPS=umareadmaster
IP=127.0.0.1
_=/usr/bin/env
logout and next login (note that ACL_GROUPS is now missing from USERDB_KEYS and from the environment):
AUTH_TOKEN=83d7ede27b4fbc4de2abad58e84e65ac1073e4ec
MASTER_USER=master2
SPUSER=private/johnd
LOCAL_IP=127.0.0.1
USER=johnd
AUTH_USER=master2
PWD=/run/dovecot
USERDB_KEYS=HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER
SHLVL=1
HOME=/home/vmail/private/johnd
IP=127.0.0.1
_=/usr/bin/env
##############################
% doveconf -n:
# 2.2.18: /etc/dovecot/dovecot.conf
# OS: Linux 3.12.44-gentoo x86_64 Gentoo Base System release 2.2
auth_cache_negative_ttl = 30 mins
auth_cache_size = 10 k
auth_master_user_separator = *
auth_use_winbind = yes
auth_username_chars =
auth_verbose = yes
log_path = /var/log/dovecot.log
mail_gid = vmail
mail_home = /home/vmail/private/%u
mail_location = maildir:~/Maildir:LAYOUT=fs:INBOX=~/Maildir/INBOX
mail_uid = vmail
namespace {
inbox = yes
location =
mailbox Sent {
auto = subscribe
special_use = \Sent
}
prefix =
separator = /
subscriptions = yes
type = private
}
namespace {
hidden = no
inbox = no
list = children
location =
maildir:/home/vmail/public/%%Lu/Maildir:LAYOUT=fs:INBOX=/home/vmail/public/%%Lu/Maildir/INBOX
prefix = public/%%u/
separator = /
subscriptions = no
type = shared
}
passdb {
args = /etc/dovecot/master-users1
driver = passwd-file
master = yes
}
passdb {
args = /etc/dovecot/master-users2
driver = passwd-file
master = yes
}
service auth {
unix_listener auth-client {
group =
mode = 0600
user = $default_internal_user
}
unix_listener auth-login {
group =
mode = 0600
user = $default_internal_user
}
unix_listener auth-master {
group =
mode = 0600
user = $default_internal_user
}
unix_listener auth-userdb {
group = vmail
mode = 0660
user = $default_internal_user
}
unix_listener login/login {
group =
mode = 0666
user = $default_internal_user
}
user = $default_internal_user
}
service imap-login {
inet_listener imap {
port = 143
}
}
service imap-postlogin {
executable = script-login /usr/libexec/dovecot/imap-postlogin
user = vmail
}
service imap {
executable = imap imap-postlogin
}
ssl_cert = </etc/ssl/dovecot/server.pem
ssl_key = </etc/ssl/dovecot/server.key
protocol imap {
userdb {
args = /etc/dovecot/dovecot-imap-ldap.conf.ext
driver = ldap
name =
}
userdb {
args = /etc/dovecot/dovecot-imap-ldap.conf.ext
driver = ldap
name =
}
}
###################################
% cat auth-master.conf.ext
# Authentication for master users. Included from 10-auth.conf.
# By adding master=yes setting inside a passdb you make the passdb a list
# of "master users", who can log in as anyone else.
# <doc/wiki/Authentication.MasterUsers.txt>
auth_master_user_separator = *
# Example master user passdb using passwd-file. You can use any passdb though.
passdb {
driver = passwd-file
master = yes
args = /etc/dovecot/master-users1
# Unless you're using PAM, you probably still want the destination user to
# be looked up from passdb that it really exists. pass=yes does that.
#pass = yes
}
passdb {
driver = passwd-file
master = yes
args = /etc/dovecot/master-users2
# Unless you're using PAM, you probably still want the destination user to
# be looked up from passdb that it really exists. pass=yes does that.
#pass = yes
}
###############################################
% cat /etc/dovecot/master-users1
master1:{SHA}xxxxxxx=::::::userdb_acl_groups=umareadmaster allow_nets=127.0.0.1
master2 is the same.
Greetz