Auth Policy Server/wforce/weakforced
Daniel Miller
dmiller at amfes.com
Fri Aug 4 23:10:22 EEST 2017
On 8/4/2017 12:48 PM, Daniel Miller wrote:
> On 8/3/2017 6:11 AM, Teemu Huovila wrote:
>>
>> On 02.08.2017 23:35, Daniel Miller wrote:
>>> Is there explicit documentation available for the (probably trivial)
>>> configuration needed for Dovecot and Wforce? I'm probably missing
>>> something that should be perfectly obvious...
>>>
>>> Wforce appears to start without errors. I added a file to dovecot's
>>> conf.d:
>>>
>>> 95-policy.conf:
>>> auth_policy_server_url = http://localhost:8084/
>>> auth_policy_hash_nonce = this_is_my_super_secret_something
>>>
>>> Looking at the Wforce console I see:
>>>
>>> WforceWebserver: HTTP Request "/" from 127.0.0.1:45108: Web
>>> Authentication failed
>>>
>>> In wforce.conf I have the (default):
>>>
>>> webserver("0.0.0.0:8084", "--WEBPWD")
>>>
>>> Do I need to change the "--WEBPWD"? Do I need to specify something
>>> in the Dovecot config?
>> You could try putting an actual password, in plain text, where
>> --WEBPWD is. Then add that base64 encoded to dovecot setting
>> auth_policy_server_api_header.
>>
> I knew it would be something like that. I've made some changes but
> I'm still not there. I presently have:
>
> webserver("0.0.0.0:8084", "--WEBPWD ultra-secret-secure-safe")
> in wforce.conf (and I've tried with and without the --WEBPWD)
>
> and
>
> auth_policy_server_api_header = Authorization: Basic
> dWx0cmEtc2VjcmV0LXNlY3VyZS1zYWZl
> in 95-policy.conf for dovecot
>
> Obviously I'm still formatting something wrong.
>
I think I've got something working a little better. I'm using:
webserver("0.0.0.0:8084", "ultra-secret-secure-safe")
(so I remove the --WEBPWD - that's a placeholder, not a argument
declaration)
and for dovecot, the base64 encoding needs to be "wforce:password"
instead of just the password.
Now I have to see what else needs to be tweaked.
Daniel
More information about the dovecot
mailing list