Re: Director & Master Users

On 15 February 2018 at 20:22 Travis Dolan travis.dolan@gmail.com wrote:

Hello,

I have Director setup to proxy requests to backend servers. This works fine when using "standard" username/passwords.

I am not try to enable the use of the Dovecot Master user through Director into the backend servers.

a.) username is being sent as masteruser*username b.) request hits the proxy and authenticates, and then is passed to the backend servers and fails auth.

• logs from proxy/Director point of view.

auth: Info: passwd-file(masteruser,172.31.33.224,master,): Master user logging in as devteam

imap-login: Info: proxy(devteam): Login failed to backend.servers:143 (master masteruser): [AUTHENTICATIONFAILED] Authentication failed.: user=<devteam>, method=PLAIN, rip=172.31.33.224, lip=192.168.71.20, session=

• logs from backend server point of view.

imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs): user=<masterusername>, method=PLAIN, rip=192.168.71.20, lip=192.168.71.99, session=<O8QN8kNlloXAqEcU>

Proxy/Director Configs (hopefully this is enough)

auth_master_user_separator = * passdb { driver = passwd-file args = /etc/dovecot/conf.d/master-user-password master = yes pass = yes }

passdb { driver = static args = proxy=y nopassword=y }

Please let me know if I can provide any further details.

Thanks in advance.

You could consider using "master password" instead.

This works so that you configure proxy to use pass=some_static_password as the password forward, and you can then use static passdb in director, as in

passdb { driver = static args = password=some_static_password .... }

This way you don't need to setup master user authentication.

Aki