I'm experimenting with checkpassword as an auth method for userdb and passdb (http://wiki2.dovecot.org/AuthDatabase/CheckPassword). I've set up the userdb and passdb *exactly* as the wiki suggests as the "standard way":
passdb {
  driver = checkpassword
  args = /user/util/bin/checkpassword
}
userdb {
  driver = prefetch
}
I've created a checkpassword program that does receive the correct user and password from dovecot. And I am successfully authenticating with ntlm_auth and exiting with status 0. My debug output:
AUTHORIZED: (null)
USER: (null)
userdb_uid: (null)
userdb_gid: (null)
arg1=/usr/local/libexec/dovecot/checkpassword-reply
CMD: /usr/bin/ntlm_auth --username="mark" --password='mypass'
ntlm_auth status: 0
Now, the wiki says 2 things that have me stumped:
- It says that, "Dovecot calls the script with AUTHORIZED=1 environment set when performing a userdb lookup. The script must acknowledge this by changing the environment to AUTHORIZED=2, otherwise the lookup fails."
As you can see from my program log, "AUTHORIZED" is not set. Why? Nor are any of the other environment variables mentioned in the wiki. I've listed all the environment variables that *are* passed to the program at the bottom of this message.
- The wiki says, "Your program received a path to checkpassword-reply binary as the first parameter. Execute it."
I did so as a fork() and then execve("/usr/local/libexec/dovecot/checkpassword-reply"). How do I know it worked ... or failed?
What am I doing wrong?
Dovecot log entries:
Sep 10 22:54:04 auth: Debug: auth client connected (pid=14748)
Sep 10 22:54:04 auth: Debug: client in: AUTH 1 PLAIN service=imap session=AkYg1G8f8QDAqAA6 lip=192.168.0.2 rip=192.168.0.58 lport=143 rport=49649 resp=AG1hcmsAZ2xhY29uXzk= (previous base64 data may contain sensitive data)
Sep 10 22:54:04 auth: Debug: checkpassword(mark,192.168.0.58,<AkYg1G8f8QDAqAA6>): execute: /user/util/bin/checkpassword /usr/local/libexec/dovecot/checkpassword-reply
Sep 10 22:54:04 auth: Debug: checkpassword(mark,192.168.0.58,<AkYg1G8f8QDAqAA6>): exit_status=0
Sep 10 22:54:04 auth: Debug: checkpassword(mark,192.168.0.58,<AkYg1G8f8QDAqAA6>): Received input:
Sep 10 22:54:06 auth: Debug: client passdb out: FAIL 1 user=mark temp
ENV variables passed to the checkpassword program:
DOVECOT_PRESERVE_ENVS=TZ CORE_OUTOFMEM CORE_ERROR
DOVECOT_CHILD_PROCESS=1
CONFIG_FILE=/usr/local/var/run/dovecot/config
CLIENT_LIMIT=1000
PROCESS_LIMIT=1
PROCESS_MIN_AVAIL=0
IDLE_KILL=60
GENERATION=2991
DOVECOT_HOSTNAME=mail
DOVECOT_HOSTDOMAIN=mail.hprs.local
DOVECOT_VERSION=2.2.15
LOG_SERVICE=1
SOCKET_COUNT=6
SSL_SOCKET_COUNT=0
SOCKET_NAMES=login tokenlogin auth-login auth-client auth-userdb auth-master
PROTO=TCP
ORIG_UID=151
SERVICE=imap
TCPLOCALIP=192.168.0.2
LOCAL_IP=192.168.0.2
TCPREMOTEIP=192.168.0.58
REMOTE_IP=192.168.0.58
TCPLOCALPORT=143
TCPREMOTEPORT=49649
AUTH_USER=mark
AUTH_USERNAME=mark
AUTH_SERVICE=imap
AUTH_LIP=192.168.0.2
AUTH_RIP=192.168.0.58
AUTH_PID=14748
AUTH_MECH=PLAIN
AUTH_SECURED=
AUTH_LPORT=143
AUTH_RPORT=49649
AUTH_CERT=
AUTH_SESSION=AkYg1G8f8QDAqAA6
AUTH_REAL_LIP=192.168.0.2
AUTH_REAL_RIP=192.168.0.58
AUTH_REAL_LPORT=143
AUTH_REAL_RPORT=49649
AUTH_ORIG_USER=mark
AUTH_ORIG_USERNAME=mark
--Mark
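For readers following this thread, here is an added example of a minimal checkpassword program written against the protocol the linked wiki page describes. It is not Mark's program and not Dovecot's own code. The protocol facts it relies on are those on the wiki: the username and password arrive NUL-separated on file descriptor 3, argv[1] is the path to checkpassword-reply, userdb fields are handed back through the environment (userdb_uid and userdb_gid as in the debug output above, with the EXTRA variable naming which ones to return), a userdb lookup arrives with AUTHORIZED=1 and must be answered by setting AUTHORIZED=2 before the exec, and exit status 0 means success, 1 authentication failure, 111 temporary failure. The account table and the password check are constructed for the example and stand in for the real verifier (ntlm_auth in the post); note that a password placed on a command line is visible to every local user in the process list, so a real backend should receive it some other way. The example execs the reply binary in the same process rather than forking, so the exit_status Dovecot logs is the reply binary's own, and a failed exec falls through to 111, which then shows up in the auth debug log.

```c
/*
 * Added example (not the poster's program, not Dovecot's code): a minimal
 * Dovecot checkpassword program. Protocol facts taken from the Dovecot
 * checkpassword wiki page; the account table is constructed test data.
 */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define CHECKPASSWORD_FD 3      /* Dovecot writes "user\0password\0..." here */
#define EXIT_AUTH_FAIL   1      /* wrong user or password */
#define EXIT_TEMP_FAIL   111    /* could not answer at all (bad input, exec failed) */

struct creds { char user[256]; char pass[256]; };

/* Constructed account record standing in for the real backend. */
struct account { const char *user, *pass, *home; unsigned uid, gid; };
static const struct account accounts[] = {
    { "mark", "example-password", "/home/mark", 1001, 1001 },
};

/* Split the fd-3 payload into user and password; -1 if a field is unterminated or too long. */
int parse_checkpassword_input(const char *buf, size_t n, struct creds *out)
{
    size_t start = 0, end;
    memset(out, 0, sizeof *out);
    for (end = start; end < n && buf[end] != '\0'; end++) ;
    if (end == n || end - start >= sizeof out->user) return -1;
    memcpy(out->user, buf + start, end - start);
    start = end + 1;
    for (end = start; end < n && buf[end] != '\0'; end++) ;
    if (end == n || end - start >= sizeof out->pass) return -1;  /* empty password is fine */
    memcpy(out->pass, buf + start, end - start);
    return 0;
}

static const struct account *lookup_account(const char *user)
{
    size_t i;
    for (i = 0; i < sizeof accounts / sizeof accounts[0]; i++)
        if (strcmp(accounts[i].user, user) == 0) return &accounts[i];
    return NULL;
}

/* Length-independent comparison: a wrong guess does not leak how many leading bytes matched. */
static int password_matches(const char *expected, const char *given)
{
    size_t le = strlen(expected), lg = strlen(given), i;
    unsigned char diff = (unsigned char)(le != lg);
    for (i = 0; i < le; i++)
        diff |= (unsigned char)(expected[i] ^ (i < lg ? given[i] : 0));
    return diff == 0;
}

/* Pure decision step: 0 means "exec the reply binary", otherwise the exit status to return.
 * authorized is the AUTHORIZED environment value (NULL on a passdb lookup, "1" on userdb). */
int decide_exit_code(const char *authorized, const char *user, const char *pass,
                     const struct account **acct_out)
{
    const struct account *acct = lookup_account(user);
    int userdb_lookup = authorized != NULL && strcmp(authorized, "1") == 0;
    if (acct_out) *acct_out = acct;
    if (acct == NULL) return EXIT_AUTH_FAIL;
    /* A userdb lookup carries no password; only existence and fields are answered. */
    if (!userdb_lookup && !password_matches(acct->pass, pass)) return EXIT_AUTH_FAIL;
    return 0;
}

/* Self-check for the parser: 1 if the payload parses to the expected user and password. */
int parse_gives(const char *buf, size_t n, const char *exp_user, const char *exp_pass)
{
    struct creds c;
    if (parse_checkpassword_input(buf, n, &c) != 0) return 0;
    return strcmp(c.user, exp_user) == 0 && strcmp(c.pass, exp_pass) == 0;
}

int main(int argc, char **argv)
{
    char buf[512], num[16]; struct creds c; const struct account *acct;
    size_t n = 0; ssize_t r = 0; int rc, userdb_lookup;

    if (argc < 2) return EXIT_TEMP_FAIL;                    /* no reply-binary path */
    while (n < sizeof buf && (r = read(CHECKPASSWORD_FD, buf + n, sizeof buf - n)) > 0)
        n += (size_t)r;
    close(CHECKPASSWORD_FD);
    if (r < 0 || parse_checkpassword_input(buf, n, &c) != 0) return EXIT_TEMP_FAIL;

    userdb_lookup = getenv("AUTHORIZED") != NULL && strcmp(getenv("AUTHORIZED"), "1") == 0;
    rc = decide_exit_code(getenv("AUTHORIZED"), c.user, c.pass, &acct);
    memset(c.pass, 0, sizeof c.pass);                        /* drop the secret before exec */
    if (rc != 0) return rc;

    /* Hand the userdb fields to checkpassword-reply through the environment. */
    setenv("USER", acct->user, 1);
    setenv("HOME", acct->home, 1);
    snprintf(num, sizeof num, "%u", acct->uid); setenv("userdb_uid", num, 1);
    snprintf(num, sizeof num, "%u", acct->gid); setenv("userdb_gid", num, 1);
    setenv("EXTRA", "userdb_uid userdb_gid", 1);
    if (userdb_lookup) setenv("AUTHORIZED", "2", 1);        /* acknowledge the userdb lookup */

    /* Same process, no fork: Dovecot's exit_status is then the reply binary's. */
    execl(argv[1], argv[1], (char *)NULL);
    perror("execl checkpassword-reply");                    /* reached only if exec failed */
    return EXIT_TEMP_FAIL;
}
```

Build it with `cc -o checkpassword checkpassword.c`, point the passdb `args` at the binary, and watch the `exit_status=` line in the auth debug log: 0 with userdb fields under "Received input:" when the reply binary ran, 1 for a rejected login, 111 when the program could not read fd 3 or the exec failed.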