Re: Director & Master Users

It would look as though the changes have now negatively affected a "normal" user from logging in.

telnet host 143

a login username password

a NO [AUTHENTICATIONFAILED] Authentication failed.

telnet host 143

1 login devteam*masteruser@example.com password

1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST- EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE QUOTA] Logged in

What do you think?

Thanks.

On Feb 15 2018, at 3:19 pm, Travis Dolan travis.dolan@gmail.com wrote:

Awesome, thanks for the advice. Using the following now works...

passdb {

driver = static

args = proxy=y password=doesnotmatter

}

Cheers.

On Feb 15 2018, at 2:40 pm, Aki Tuomi aki.tuomi@dovecot.fi wrote:

...

...

On 15 February 2018 at 20:22 Travis Dolan travis.dolan@gmail.com wrote:

Hello,

I have Director setup to proxy requests to backend servers. This works fine
when using "standard" username/passwords.

I am not try to enable the use of the Dovecot Master user through Director
into the backend servers.

a.) username is being sent as masteruser*username
b.) request hits the proxy and authenticates, and then is passed to the
backend servers and fails auth.

\- logs from proxy/Director point of view.

auth: Info:
passwd-file(masteruser,172.31.33.224,master,): Master
user logging in as devteam

imap-login: Info: proxy(devteam): Login failed to backend.servers:143
(master masteruser): [AUTHENTICATIONFAILED] Authentication failed.:
user=<devteam>, method=PLAIN, rip=172.31.33.224, lip=192.168.71.20,
session= l6P+sHyHg>

\- logs from backend server point of view.

imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs):
user=<masterusername>, method=PLAIN, rip=192.168.71.20, lip=192.168.71.99,
session=<O8QN8kNlloXAqEcU>

Proxy/Director Configs (hopefully this is enough)

auth_master_user_separator = *
passdb {
driver = passwd-file
args = /etc/dovecot/conf.d/master-user-password
master = yes
pass = yes
}

passdb {
driver = static
args = proxy=y nopassword=y
}

Please let me know if I can provide any further details.

Thanks in advance.

...

...

You could consider using "master password" instead.

...

...

This works so that you configure proxy to use pass=some_static_password as the password forward, and you can then use static passdb in director, as in

...

...

passdb {
driver = static
args = password=some_static_password ....
}

...

...

This way you don't need to setup master user authentication.

...

...

Aki