pam authentication

Pol Hallen dovecotml at fuckaround.org
Tue Sep 5 14:29:23 EEST 2017


Sure :) thanks

cat /var/log/dovecot/[...]

Sep 05 13:26:02 auth: Debug: auth client connected (pid=30131)
Sep 05 13:26:02 auth: Debug: client in: AUTH    1       PLAIN   
service=imap    secured session=JK0Bfm9YuqfAqAFk        
lip=192.168.1.100       rip=192.168.1.100       lport=143       
rport=42938   resp=AG1heEBmdWNrYXJvdW5kLm9yZwBQYW5kb3JhMjAwMA== 
(previous base64 data may contain sensitive data)
Sep 05 13:26:02 auth-worker(30088): Debug: 
pam(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): lookup 
service=username_format=user00
Sep 05 13:26:02 auth-worker(30088): Debug: 
pam(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): #1/1 
style=1 msg=Password:
==> /var/log/dovecot.info <==
Sep 05 13:26:04 auth-worker(30088): Info: 
pam(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): 
pam_authenticate() failed: Authentication failure (password mismatch?) 
(given password: pass)
==> /var/log/dovecot.debug <==
Sep 05 13:26:04 auth: Debug: 
passwd-file(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): 
lookup: user=user00 at realsystem.org file=/etc/dovecot/users
==> /var/log/dovecot.info <==
Sep 05 13:26:04 auth: Info: 
passwd-file(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): 
unknown user (given password: pass)
==> /var/log/dovecot.debug <==
Sep 05 13:26:06 auth: Debug: client passdb out: FAIL    1       
user=user00 at realsystem.org
==> /var/log/dovecot.info <==
Sep 05 13:26:06 imap-login: Info: Disconnected (auth failed, 1 attempts 
in 4 secs): user=<user00 at realsystem.org>, method=PLAIN, 
rip=192.168.1.100, lip=192.168.1.100, secured

doveconf -n

# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.0-3-amd64 x86_64 Debian 9.1
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = login plain
auth_verbose = yes
auth_verbose_passwords = yes
debug_log_path = /var/log/dovecot.debug
disable_plaintext_auth = no
info_log_path = /var/log/dovecot.info
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
mail_debug = yes
mail_home = /home/vmail/%d/%n/Maildir
mail_location = maildir:~/Maildir
mail_plugins = " quota quota"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate mime foreverypart 
extracttext imapflags notify
namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix =
   subscriptions = yes
   type = private
}
passdb {
   args = username_format=%n
   driver = pam
}
passdb {
   args = scheme=SHA256 username_format=%u /etc/dovecot/users
   driver = passwd-file
}
plugin {
   mail_log_events = delete undelete expunge copy mailbox_delete 
mailbox_rename append flag_change
   mail_log_fields = uid box msgid size from subject vsize
   quota = maildir:User quota
   quota_rule = *:storage=10000M
   quota_rule2 = Junk:storage=+100M
   quota_rule3 = SPAM:storage=+100M
   quota_warning = storage=90%% quota-warning 90 %u
   sieve = file:~/sieve;active=~/.dovecot.sieve
   sieve_extensions = +notify +imapflags
}
protocols = " imap sieve pop3 sieve"
quota_full_tempfail = yes
service auth {
   unix_listener /var/spool/postfix/private/auth {
     group = postfix
     mode = 0666
     user = postfix
   }
}
service imap-login {
   inet_listener imap {
     port = 143
   }
   inet_listener imaps {
     port = 993
     ssl = yes
   }
}
service managesieve-login {
   inet_listener sieve {
     port = 4190
   }
   service_count = 1
   vsz_limit = 64 M
}
service pop3-login {
   inet_listener pop3 {
     port = 110
   }
   inet_listener pop3s {
     port = 995
     ssl = yes
   }
}
service quota-warning {
   executable = script /root/bin/quota-warning.sh
   unix_listener quota-warning {
     mode = 0666
     user = vmail
   }
   user = root
}
ssl_cert = </etc/dovecot/dovecot.pem
ssl_dh_parameters_length = 2048
ssl_key =  # hidden, use -P to show it
userdb {
   driver = passwd
}
userdb {
   args = scheme=SHA256 username_format=%u /etc/dovecot/users
   driver = passwd-file
}
userdb {
   args = uid=vmail gid=vmail home=/home/vmail/%d/%n
   driver = static
}
verbose_proctitle = yes
protocol lda {
   mail_plugins = " quota quota sieve quota"
}
protocol imap {
   mail_plugins = " quota quota imap_quota"
}




On 2017-09-05 13:01, Aki Tuomi wrote:

> Can you provide
> 
> doveconf -n  (with the new config)
> 
> enable auth_debug=yes, auth_verbose=yes and provide logs from
> authentication attempt?
> 
> Aki
> 
> On 05.09.2017 13:37, Pol Hallen wrote: thanks Aki, but with all your 
> advices I've same problem: in the logs
> always I see the authentication with user and domain name, so dovecot
> doesn't accept it
> 
> any idea?
> 
> thanks!
> 
> Pol
> 
> On 2017-09-05 10:58, Aki Tuomi wrote:
> 
> Oh right, you need to do it like this...
> 
> after the passwd-file drivers add
> 
> passdb {
> driver = static
> args = username=%n noauthenticate
> }
> 
> Aki
> 
> On 05.09.2017 11:03, Pol Hallen wrote: Hello, thanks for your reply
> 
> I already tried with:
> 
> username_format=%n or auth_username_format=%n but I've same problem
> 
> Pol
> 
> passdb {
> driver = pam
> args = username_format=%n
> }
> 
> also you probably want to consider using driver=passwd instead, if you
> really don't need pam due to some special plugins.
> 
> Aki


-- 
Pol


More information about the dovecot mailing list