Hi,
I have been using CentOS 5.5 with Dovecot 1.0.7. My client apps login with TLS/SSL using an postgres database for username and password authentication. I developed a plugin that added an additional IMAP command.
I want to eventually migrate to release 2.0 but have decided to make this a two step process. I have started with 1.2.17 as I hope this would be a smaller step along the way.
I have installed 1.2.17 from source an installed. Rebuilt my plugin and installed and set about updating the dovecot.conf file. Installing the SSL certificate etc.....
I have tested the 1.0.7 configuration previously using a standard IMAP mail client.
When I try with 1.2.17 I can't seem to get logged in.
==> /var/log/maillog <== Jul 27 21:48:26 email dovecot: auth(default): client in: AUTH 1 PLAIN service=imap secured lip=192.168.1.10 rip=202.81.69.135 lport=10143 rport=58641 resp=ADYxNDE0NjI3NDM2AFExcjQwNHVD Jul 27 21:48:26 email dovecot: auth-worker(default): pam(john,202.81.69.135): lookup service=dovecot Jul 27 21:48:26 email dovecot: auth-worker(default): pam(john,202.81.69.135): #1/1 style=1 msg=Password: Jul 27 21:48:28 email dovecot: auth-worker(default): pam(john,202.81.69.135): unknown user Jul 27 21:48:28 email dovecot: auth(default): sql(john,202.81.69.135): query: SELECT password FROM ivms_iphone WHERE username='john' Jul 27 21:48:28 email dovecot: auth(default): client out: OK 1 user=john Jul 27 21:48:28 email dovecot: auth(default): master in: REQUEST 2 28178 1 Jul 27 21:48:28 email dovecot: auth(default): passwd(john,202.81.69.135): lookup Jul 27 21:48:28 email dovecot: auth(default): passwd(john,202.81.69.135): unknown user Jul 27 21:48:28 email dovecot: auth(default): sql(john,202.81.69.135): SELECT home, uid, gid FROM users WHERE username='john' Jul 27 21:48:28 email dovecot: auth(default): master out: USER 2 john home=/var/imap_mail/john uid=50gid=500 Jul 27 21:48:28 email dovecot: IMAP(john): Loading modules from directory: /usr/local/lib/dovecot/imap/ Jul 27 21:48:28 email dovecot: IMAP(john): Module loaded: /usr/local/lib/dovecot/imap//lib20_mail_log_plugin.so Jul 27 21:48:28 email dovecot: IMAP(john): Module loaded: /usr/local/lib/dovecot/imap//change_passwd_plugin.so Jul 27 21:48:28 email dovecot: IMAP(john): Effective uid=500, gid=500, home=/var/imap_mail/john Jul 27 21:48:28 email dovecot: IMAP(john): maildir: data=john Jul 27 21:48:28 email dovecot: IMAP(john): maildir++: root=john, index=, control=, inbox=john Jul 27 21:48:28 email dovecot: imap-login: Login: user=<john>, method=PLAIN, rip=202.81.69.135, lip=192.168.1.10, TLS Jul 27 21:48:28 email dovecot: IMAP(john): Namespace : Using permissions from john: mode=0700 gid=-1
==> /var/log/secure <== Jul 27 21:48:26 email dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown Jul 27 21:48:26 email dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=john rhost=202.81.69.135 Jul 27 21:48:26 email dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user john
I have the following in the .conf file
auth_verbose=yes auth_debug=yes auth_debug_passwords=yes mail_debug=yes verbose_ssl=yes
Also note the following differences in behaviour between Dovecot 1.0.7 and 1.2.17
$ telnet new_system_1.2.17 10143 Trying 192.168.1.10... Connected to new_system.com.au. Escape character is '^]'.
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS LOGINDISABLED] Dovecot ready. A001 LOGIN john Q1r404uC
- BAD [ALERT] Plaintext authentication not allowed without SSL/TLS, but your client did it anyway. If anyone was listening, the password was exposed. A001 NO [CLIENTBUG] Plaintext authentication disallowed on non-secure (SSL/TLS) connections. telnet> quit Connection closed.
$ telnet old_system_1.0.7 10143 Trying 192.168.1.4... Connected to new_system.com.au Escape character is '^]'.
- OK Dovecot ready. A001 LOGIN john Q1r404uC A001 OK Logged in.
Can anyone suggest what else I can enable to assist in determining why I can't appear to login. Its appears related to SSL/TLS but I don't seem to have enough to go on.
I'm probably doing something stupid as usual.
Regards
John