On 21 March 2018 at 18:31 mj lists@merit.unu.edu wrote:
Hi AKi,
Thanks for the quick answer!
On 03/21/2018 05:24 PM, Aki Tuomi wrote:
This is what 'nopassword=y' does. I'm guessing this is an attempt to allow logging in from localhost without password, but I'd use master password (for applications or webmails), or
Yes, the config is taken from the SOGo configuration guide, which can be seen here: https://sogo.nu/files/docs/v2/SOGoNativeOutlookConfigurationGuide.html
Yes, but we have args = nopassword=y allow_nets=127.0.0.1/32 so it should only allow passwordless logins from localhost, right..?
And in "Debug: static(username,1.2.3.4,
): Allowing any password" 1.2.3.4 is NOT localhost... (obviously 1.2.3.4 is not the *real* ip, bit it's a *real* ip from the internet, NOT localhost...
MJ
Looking at the code for v2.2.13, it would seem that
a) when using nopassword, it will log the debug row in any case b) allow_nets will fail the authentication by setting request failed
Mar 21 07:13:48 mail dovecot: auth: static(username,1.2.3.4,
this indicates that the request is marked failed.
I would, still, recommend using doveadm exec imap -u instead of the static passdb.
Aki