Hi,
I'm trying to configure Dovecot proxy with user authentication on
proxy side only, so backends will authenticate using master password
(proxy is configured to send it). The problem is that Dovecot, on
backends, is telling me that I need to configure at least one auth
mechanism:
auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one
The master auth is correctly configured.
I want to accomplish having the user database in one place only
(=proxy). Any hints?
azur
On July 10, 2017 at 12:33 PM azurit@pobox.sk wrote:
> Hi,
> I'm trying to configure Dovecot proxy with user authentication on
> proxy side only, so backends will authenticate using master password
> (proxy is configured to send it). The problem is that Dovecot, on
> backends, is telling me that I need to configure at least one auth
> mechanism:
> auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one
> The master auth is correctly configured.
> I want to accomplish having the user database in one place only
> (=proxy). Any hints?
> azur
Can you show your backend doveconf -n?
Aki
Quoting Aki Tuomi <aki.tuomi@dovecot.fi>:
> Can you show your backend doveconf -n?
> Aki
Here it is: https://pastebin.com/C8dTUm5k
On July 10, 2017 at 1:45 PM azurit@pobox.sk wrote:
> Here it is: https://pastebin.com/C8dTUm5k
Try adding another entry after the first passdb (order matters)
passdb {
  driver = static
  args = nopassword
  deny = yes
  skip = authenticated
}
Aki
Quoting Aki Tuomi <aki.tuomi@dovecot.fi>:
> Try adding another entry after the first passdb (order matters)
> passdb {
>   driver = static
>   args = nopassword
>   deny = yes
>   skip = authenticated
> }
> Aki
This seems to be working, thank you. Can you explain to me why it's needed?
Quoting azurit@pobox.sk:
> This seems to be working, thank you. Can you explain to me why it's needed?
No need to explain it anymore, I understand it now. I made a little
change and (probably) final version is this:
passdb {
  driver = static
  args = nopassword
  skip = authenticated
}
I removed 'deny = yes' as, I believe, it's not needed and it was causing
problems with LMTP proxying ('User doesn't exist' error message from
backend LMTP). Thanks again.
azur
On July 11, 2017 at 11:50 AM azurit@pobox.sk wrote:
> No need to explain it anymore, I understand it now. I made a little
> change and (probably) final version is this:
> passdb {
>   driver = static
>   args = nopassword
>   skip = authenticated
> }
> I removed 'deny = yes' as, I believe, it's not needed and it was causing
> problems with LMTP proxying ('User doesn't exist' error message from
> backend LMTP). Thanks again.
> azur
Hi!
This is a very dangerous configuration, please consider using what Sami suggested, viz
passdb {
  driver = static
  args = password=masterpassword
}
and remove the master auth completely.
Then you can override user's password to masterpassword in proxy config.
Aki
Quoting Aki Tuomi <aki.tuomi@dovecot.fi>:
> Hi!
> This is a very dangerous configuration, please consider using what
> Sami suggested, viz
> passdb {
>   driver = static
>   args = password=masterpassword
> }
> and remove the master auth completely.
> Then you can override user's password to masterpassword in proxy config.
> Aki
This is awesome, as I was just contemplating how to maintain
persistence with 2FA.
Is it possible to use a passdb based on remote ip? There's a
username_filter, but I want to use a master password for webmail
(which will use 2FA via Radius), and those IPs are known and
non-routable.
Rick
Quoting Rick Romero <rick@havokmon.com>:
> This is awesome, as I was just contemplating how to maintain
> persistence with 2FA.
> Is it possible to use a passdb based on remote ip? There's a
> username_filter, but I want to use a master password for webmail
> (which will use 2FA via Radius), and those IPs are known and
> non-routable.
> Rick
Maybe just in the SQL passdb would be better...
password_query = SELECT userid as user, \
  if(host = '192.168.1.1', encrypt('masterpassword'), pass_field) as password \
  FROM users WHERE userid = '%u'
On 12 Jul 2017, at 15.46, Rick Romero <rick@havokmon.com> wrote:
> This is awesome, as I was just contemplating how to maintain
> persistence with 2FA. Is it possible to use a passdb based on remote ip?
> There's a username_filter, but I want to use a master password for webmail
> (which will use 2FA via Radius), and those IPs are known and
> non-routable.
passdb {
  driver = static
  args = password=masterpassword allow_nets=192.168.0.0/24
}
or can even use single ip like allow_nets=192.168.1.234
Sami
Quoting Sami Ketola <sami.ketola@dovecot.fi>:
> passdb {
>   driver = static
>   args = password=masterpassword allow_nets=192.168.0.0/24
> }
> or can even use single ip like allow_nets=192.168.1.234
> Sami
Thanks guys, I reworked it like this (I already allowed only proxy IP
on firewall but thanks for suggestion, I added also allow_nets, just
to be sure) and everything is working fine.
azur
On 10 Jul 2017, at 12.33, azurit@pobox.sk wrote:
> Hi,
> I'm trying to configure Dovecot proxy with user authentication on
> proxy side only, so backends will authenticate using master password
> (proxy is configured to send it). The problem is that Dovecot, on
> backends, is telling me that I need to configure at least one auth
> mechanism:
> auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one
> The master auth is correctly configured.
> I want to accomplish having the user database in one place only
> (=proxy). Any hints?
In the config sample provided in another mail you have configured master *user* passdb but in this mail you talk about master password passdb. Which one is it?
I think for what you are trying to achieve, master password auth is more suitable. So change your passdb to something like this:
passdb {
  driver = static
  args = password=masterpassword
}
Simple as that.
Sami
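A check for the pattern Aki warns about in this thread, as an added example that is not part of the original messages or of Dovecot itself: it reads passdb blocks written one setting per line and flags a static passdb whose args contain nopassword without deny = yes (such a passdb accepts any password for any user), and notes a shared static password that has no allow_nets. The sample configuration and the master-users path are constructed; `parse_passdbs` and `audit` are hypothetical names.

```python
import re

# Constructed sample (not azur's real config), one setting per line.
SAMPLE = """\
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
}
passdb {
  args = nopassword
  driver = static
  skip = authenticated
}
"""

def parse_passdbs(conf):
    """Return one dict of settings per passdb { ... } block, in file order."""
    blocks, current = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if re.fullmatch(r"passdb\s*\{", line):
            current = {}
        elif line == "}" and current is not None:
            blocks.append(current)
            current = None
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return blocks

def audit(conf):
    """Return (passdb index, finding) pairs for risky static passdbs."""
    findings = []
    for i, db in enumerate(parse_passdbs(conf)):
        if db.get("driver") != "static":
            continue
        # Static args are space-separated fields such as password=... or nopassword.
        fields = dict(a.partition("=")[::2] for a in db.get("args", "").split())
        if "nopassword" in fields and db.get("deny") != "yes":
            findings.append((i, "nopassword without deny = yes: any password is accepted"))
        elif "password" in fields and "allow_nets" not in fields:
            findings.append((i, "shared static password is not limited by allow_nets"))
    return findings

if __name__ == "__main__":
    for index, finding in audit(SAMPLE):
        print(f"passdb #{index}: {finding}")
```

Feeding it the text printed by `doveconf -n` on a backend applies the same check to a live configuration.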
participants (4)
- Aki Tuomi
- azurit@pobox.sk
- Rick Romero
- Sami Ketola