I took suggestions from https://forge.puppet.com/fraenki/wforce to set these in /etc/dovecot/conf.d/95-auth.conf

auth_policy_server_url = http://localhost:8084/

auth_policy_hash_nonce = our_password

auth_policy_server_api_header = "Authorization: Basic hash_from_running_echo-n_base64"

auth_policy_server_timeout_msecs = 2000

auth_policy_hash_mech = sha256

auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s

auth_policy_reject_on_fail = no

auth_policy_hash_truncate = 8

auth_policy_check_before_auth = yes

auth_policy_check_after_auth = yes

auth_policy_report_after_auth = yes

And auth_debug=yes

in /usr/local/etc/wforce.conf

webserver("0.0.0.0:8084", "our_password")

So when I run:

curl -X POST -H "Content-Type: application/json" --data '{"login":"ouruser", "remote": "127.0.0.1", "pwhash":"our_password"}' http://127.0.0.1:8084/?command=allow -u wforce:our_passwordi

{"msg": "", "r_attrs": {"defaultReturn": "1"}, "status": 0}

What's the value of wforce and super represent? -u for user? and super is the password for the user?

curl -X GET http://127.0.0.1:8084/?command=ping -u wforce:super

I always get:

{"status":"failure", "reason":"Unauthorized"}

Using Squirrelmail and logging in brings up the mails but I see these Policy server HTTP error: 401 Unauthorized errors over and over:

Mar 06 13:32:16 auth: Debug: http-client: peer 127.0.0.1:8084: Successfully connected (1 connections exist, 0 pending)

Mar 06 13:32:16 auth: Debug: http-client[1]: peer 127.0.0.1:8084: Using 1 idle connections to handle 1 requests (1 total connections ready)

Mar 06 13:32:16 auth: Debug: http-client[1]: queue http://localhost:8084: Connection to peer 127.0.0.1:8084 claimed request [Req1: POST http://localhost:8084/?command=allow]

Mar 06 13:32:16 auth: Debug: http-client[1]: conn 127.0.0.1:8084 [0]: Claimed request [Req1: POST http://localhost:8084/?command=allow]

Mar 06 13:32:16 auth: Debug: http-client[1]: request [Req1: POST http://localhost:8084/?command=allow]: Sent header

Mar 06 13:32:16 auth: Debug: http-client[1]: request [Req1: POST http://localhost:8084/?command=allow]: Send more (sent 100, buffered=357)

Mar 06 13:32:16 auth: Debug: http-client[1]: request [Req1: POST http://localhost:8084/?command=allow]: Finished sending payload

Mar 06 13:32:16 auth: Debug: http-client[1]: peer 127.0.0.1:8084: No more requests to service for this peer (1 connections exist, 0 pending)

Mar 06 13:32:16 auth: Debug: http-client[1]: conn 127.0.0.1:8084 [0]: Got 401 response for request [Req1: POST http://localhost:8084/?command=allow] (took 1 ms + 3 ms in queue)

Mar 06 13:32:16 auth: Error: policy(our_user,127.0.0.1,<7CmLNXGDisV/AAAB>): Policy server HTTP error: 401 Unauthorized

Mar 06 13:32:16 auth: Debug: http-client[1]: conn 127.0.0.1:8084 [0]: Response payload stream destroyed (0 ms after initial response)

Mar 06 13:32:16 auth: Debug: http-client[1]: request [Req1: POST http://localhost:8084/?command=allow]: Finished

Mar 06 13:32:16 auth: Debug: http-client[1]: queue http://localhost:8084: Dropping request [Req1: POST http://localhost:8084/?command=allow]

Mar 06 13:32:16 auth: Debug: http-client[1]: request [Req1: POST http://localhost:8084/?command=allow]: Free (requests left=1)

Mar 06 13:32:16 auth: Debug: http-client[1]: peer 127.0.0.1:8084: No requests to service for this peer (1 connections exist, 0 pending)

Mar 06 13:32:16 auth: Debug: http-client[1]: conn 127.0.0.1:8084 [0]: No more requests queued; going idle (timeout = 10000 msecs)

Mar 06 13:32:16 auth-worker(18997): Debug: Loading modules from directory: /usr/lib64/dovecot/auth

Mar 06 13:32:16 auth-worker(18997): Debug: Module loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so

Mar 06 13:32:16 auth-worker(18997): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so

Mar 06 13:32:16 auth-worker(18997): Debug: pam( our_user ,127.0.0.1,<7CmLNXGDisV/AAAB>): lookup service=dovecot

Mar 06 13:32:16 auth-worker(18997): Debug: pam( our_user ,127.0.0.1,<7CmLNXGDisV/AAAB>): #1/1 style=1 msg=Password:

Mar 06 13:32:16 auth: Debug: policy( our_user ,127.0.0.1,<7CmLNXGDisV/AAAB>): Policy request http://localhost:8084/?command=allow

Mar 06 13:32:16 auth: Debug: policy( our_user ,127.0.0.1,<7CmLNXGDisV/AAAB>): Policy server request JSON: {"device_id":"","login":"our_user","protocol":"imap","pwhash":"68","remote":"127.0.0.1","tls":false}

Mar 06 13:32:16 auth: Debug: http-client[1]: queue http://localhost:8084: Set request timeout to 2019-03-06 13:32:18.444 (now: 2019-03-06 13:32:16.444)

Mar 06 13:32:16 auth: Debug: http-client[1]: queue http://localhost:8084: Using existing connection to 127.0.0.1:8084 (1 requests pending)

Mar 06 13:32:16 auth: Debug: http-client[1]: request [Req2: POST http://localhost:8084/?command=allow]: Submitted (requests left=1)

Mar 06 13:32:16 auth: Debug: http-client[1]: peer 127.0.0.1:8084: Using 1 idle connections to handle 1 requests (1 total connections ready)

Mar 06 13:32:16 auth: Debug: http-client[1]: queue http://localhost:8084: Connection to peer 127.0.0.1:8084 claimed request [Req2: POST http://localhost:8084/?command=allow]

Mar 06 13:32:16 auth: Debug: http-client[1]: conn 127.0.0.1:8084 [0]: Claimed request [Req2: POST http://localhost:8084/?command=allow]

Mar 06 13:32:16 auth: Debug: http-client[1]: request [Req2: POST http://localhost:8084/?command=allow]: Sent header

Mar 06 13:32:16 auth: Debug: http-client[1]: request [Req2: POST http://localhost:8084/?command=allow]: Send more (sent 100, buffered=357)

Mar 06 13:32:16 auth: Debug: http-client[1]: request [Req2: POST http://localhost:8084/?command=allow]: Finished sending payload

Mar 06 13:32:16 auth: Debug: http-client[1]: peer 127.0.0.1:8084: No more requests to service for this peer (1 connections exist, 0 pending)

Mar 06 13:32:16 auth: Debug: http-client[1]: conn 127.0.0.1:8084 [0]: Got 401 response for request [Req2: POST http://localhost:8084/?command=allow] (took 0 ms + 0 ms in queue)