imapc and masteruser

Computerisms Corporation bob at computerisms.ca
Thu Sep 28 23:08:52 EEST 2017 

Hi Sami,

Thank you for your reply.
> yes you do need to define imapc_user if you want to switch user and master user around for imapc. like:
> 
> imapc_user = authapps
> imapc_master_user = %u
> 
> without imapc_user dovecot would login to the secondary server like A bob.test*bob.test password

When I add the 'imapc_user = authapps' option to the primary instance 
running on port 993, it passes the imapc_password as the password for 
the master user.  here is what the logs on the shared instance show when 
I log into the primary instance:

2017-09-28 12:47:35.361064500 Sep 28 12:47:35 auth: Debug: 
ldap(bob.test,192.168.120.70,master,<hU/PLUVavLbAqHhG>): Master user 
lookup for login: authapps
2017-09-28 12:47:35.364892500 Sep 28 12:47:35 auth: Info: 
ldap(bob.test,192.168.120.70,master,<hU/PLUVavLbAqHhG>): invalid 
credentials (given password: XXXXXXXXX)
2017-09-28 12:47:37.367173500 Sep 28 12:47:37 auth: Debug: client passdb 
out: FAIL	2	user=bob.test


The given password in the logs is the password supplied as imapc_password.

if I change the imapc_password to be that of the bob.test user, the 
imapc login does succeed with bob.test as the master user.

I followed this before, and it seemed the solution was to set

imapc_password = %w

However, dovecot will not start with this configuration.

In Sven's email, he places the imapc_password = %w as a default_field in 
the userdb on the primary instance.  If I remove the default field, I 
get the invalid credentials reported as above.  However, I still think 
this is correct way to pass %w, because if I remove 'imapc_user = 
authapps' from the global config *and*  'imapc_password = %w' from the 
default_fields in the userdb, the logs on the shared instance show that 
the user password is not being passed in the imapc login:


2017-09-28 12:57:10.409884500 Sep 28 12:57:10 auth: Debug: 
static(bob.test,192.168.120.70,<rvFSUEVaxLfAqHhG>): lookup
2017-09-28 12:57:10.409903500 Sep 28 12:57:10 auth: Debug: 
static(bob.test,192.168.120.70,<rvFSUEVaxLfAqHhG>): username changed 
bob.test -> authapps
2017-09-28 12:57:10.409905500 Sep 28 12:57:10 auth: Info: 
static(authapps,192.168.120.70,<rvFSUEVaxLfAqHhG>): No password returned 
(and no nopassword)
2017-09-28 12:57:12.412437500 Sep 28 12:57:12 auth: Debug: client passdb 
out: FAIL	11	user=authapps	original_user=bob.test


so maybe I am not passing the %w in the correct spot?

truly appreciate you taking a look at this, thank you.

>> passdb {
>>   args = user=authapps password=XXXXXXXXXX
>>   driver = static
>> }
> 
> This is probably correct except that now user authapps can also login directly with password XXXXXXXXXX without master user login.
> Which is probably OK as long as the password is kept secret

Once I get the imapc master user sorted out, I will play with the config 
to see what I can trim, but as of now, dropping just the password, or 
the entire args line, also causes the imapc login to fail...

truly appreciate you taking a look at this, thank you.

> 
> Sami
>

More information about the dovecot mailing list