Proxy with director accept only plain login

Timo Sirainen tss at iki.fi
Thu Oct 29 10:48:15 UTC 2015


On 27 Oct 2015, at 17:43, Andrey Fesenko <f0andrey at gmail.com> wrote:
> 
> Hello, i'm test system dovecot (proxy with director) and backend
> storage, auth LDAP server (user plain passwords)
> 
> If i use plain auth, work fine.
> 
> If connect DIGEST-MD5 or CRAM-MD5 proxy not redirect connection
> (Requested DIGEST-MD5 scheme, but we have a NULL password)
> 
> ### Frontend proxy+director
..
> passdb {
>  args = /usr/local/etc/dovecot/dovecot-ldap.conf
>  driver = ldap
> }

So LDAP is the primary way of authenticating.

> pass_attrs = uid=user,=password=,description=proxy,ipHostNumber=host,=nopassword=y,=starttls=any-cert

But you set password to empty and nopassword=yes. CRAM-MD5 and DIGEST-MD5 authentication requires that the server already knows the password. The only way to make it work is to have proxy actually fully authenticate the user and then login to Dovecot backend with a master password.



More information about the dovecot mailing list