Aborted login (auth failed)
Hi,
My SSL auth got invalid, so I updated my SSL configuration (Apache works)
This ist the log:
Apr 22 11:01:55 rosi dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Apr 22 11:01:55 rosi dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Apr 22 11:01:55 rosi dovecot: auth: Debug: auth client connected (pid=3466) Apr 22 11:01:55 rosi dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=a5AlFA8x3gAAAAAAAAAAAAAAAAAAAAAB#011lip=::1#011rip=::1#011lport=143#011rport=48350#011resp=<hidden> Apr 22 11:01:55 rosi dovecot: auth-worker(3460): Debug: pam(test,::1): lookup service=dovecot Apr 22 11:01:55 rosi dovecot: auth-worker(3460): Debug: pam(test,::1): #1/1 style=1 msg=Password: Apr 22 11:01:57 rosi dovecot: auth-worker(3460): pam(test,::1): pam_authenticate() failed: Authentication failure (password mismatch?) Apr 22 11:01:59 rosi dovecot: auth: Debug: client passdb out: FAIL#0111#011user=test Apr 22 11:01:59 rosi dovecot: imap-login: Aborted login (auth failed, 1 attempts in 4 secs): user=<test>, method=PLAIN, rip=::1, lip=::1, secured, session=<a5AlFA8x3gAAAAAAAAAAAAAAAAAAAAAB>
A login via SSH is working, What could be the reason for the login fail?
This is my config:
# 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-85-generic x86_64 Ubuntu 14.04.4 LTS auth_debug = yes auth_verbose = yes mail_location = mbox:~/mail:INBOX=/var/mail/%u namespace { hidden = yes inbox = yes list = no location = mbox:~/mail:INBOX=/var/mail/%u prefix = "#mbox/" separator = / type = private } passdb { driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap pop3" service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } sl_ca = </etc/letsencrypt/live/HOST/chain.pem ssl_cert = </etc/letsencrypt/live/HOST/cert.pem ssl_key = </etc/letsencrypt/live/HOST/privkey.pem userdb { driver = passwd } verbose_ssl = yes protocol imap { mail_max_userip_connections = 400 }
Thanks in advance for your help!
KR, Christof
--
<http://www.oe8.oevsv.at>Landesverband Kärnten Christof Bodner, OE8BCK Bertha-von-Suttnerstraße 6/4 9500 Villach
email: mailto:oe8bck@oevsv.at Tel.: +43-650-7215383
GnuPG public key: 0x7204CB8C Fingerprint 4065 0716 9A15 E26B 2286 9F04 FD3B 74E9 7204 CB8C
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, 22 Apr 2016, Christof Bodner wrote:
Apr 22 11:01:55 rosi dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=a5AlFA8x3gAAAAAAAAAAAAAAAAAAAAAB#011lip=::1#011rip=::1#011lport=143#011rport=48350#011resp=<hidden> Apr 22 11:01:55 rosi dovecot: auth-worker(3460): Debug: pam(test,::1): lookup service=dovecot Apr 22 11:01:55 rosi dovecot: auth-worker(3460): Debug: pam(test,::1): #1/1 style=1 msg=Password: Apr 22 11:01:57 rosi dovecot: auth-worker(3460): pam(test,::1): pam_authenticate() failed: Authentication failure (password mismatch?)
it says failure, are you sure that PAM uses the same backends for Dovecot and SSH?
A login via SSH is working, What could be the reason for the login fail?
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVxoSrHz1H7kL/d9rAQJ54Qf8DumBO/FuQcky+kO9rln2I7mS8FNdXepU B6CRjP8JABmxIz6m48ntgPbUZVEztA9ApAfCw6iRLPaCf/NFnia3m1vQeyku49K9 jujF5beVlOsg+HFuttZ4mgTZs2cMnSJaVhzs2NHZtdCMKLzgrC0x5+rm62/VUKsy EONqpKm8h9lMXhWkFAkA+jpEocgLsdeY0TFcHeCTRirI2dsqNPQ7ifUPg6EtE3pK ccUL+doe5huZAMtc4JOSZmpGVOvmEmL4ig7Duk+9GmSptZ/7I3jHvOR1yNMaq3sb buFT5I7FHhP1Avxp6GY/+nTYhPQ+IRu7+aMBdq3vJgWaZyANv7mHLg== =MsiI -----END PGP SIGNATURE-----
Hi,
ssh -v -l test 10.0.1.117
debug1: Next authentication method: password test@10.0.1.117's password: debug1: Authentication succeeded (password). Authenticated to 10.0.1.117 ([10.0.1.117]:22). debug1: channel 0: new [client-session]
$ telnet localhost 143 Trying ::1... Connected to localhost. Escape character is '^]'.
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot (Ubuntu) ready. a1 LOGIN test 12345 a1 NO [ALERT] Password:
Apr 22 20:40:11 rosi dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Apr 22 20:40:11 rosi dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Apr 22 20:40:11 rosi dovecot: auth: Debug: auth client connected (pid=11154) Apr 22 20:40:18 rosi dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=012XKBcxmgAAAAAAAAAAAAAAAAAAAAAB#011lip=::1#011rip=::1#011lport=143#011rport=48794#011resp=<hidden> Apr 22 20:40:18 rosi dovecot: auth-worker(11158): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth Apr 22 20:40:18 rosi dovecot: auth-worker(11158): Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so Apr 22 20:40:18 rosi dovecot: auth-worker(11158): Debug: pam(test,::1): lookup service=dovecot Apr 22 20:40:18 rosi dovecot: auth-worker(11158): Debug: pam(test,::1): #1/1 style=1 msg=Password: Apr 22 20:40:20 rosi dovecot: auth-worker(11158): pam(test,::1): pam_authenticate() failed: Authentication failure (password mismatch?) Apr 22 20:40:22 rosi dovecot: auth: Debug: client passdb out: FAIL#0111#011user=test#011reason=Password:
The PAM configuration is the same:
$ cat /etc/pam.d/login ... # Standard Un*x account and session @include common-account @include common-session @include common-password ...
$ cat /etc/pam.d/dovecot #%PAM-1.0
@include common-auth @include common-account @include common-session @include common-password
So I'm quite sure that PAM uses the same backends. Any other ideas?
KR, Christof
Am 2016-04-22 14:01, schrieb Steffen Kaiser:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, 22 Apr 2016, Christof Bodner wrote:
Apr 22 11:01:55 rosi dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=a5AlFA8x3gAAAAAAAAAAAAAAAAAAAAAB#011lip=::1#011rip=::1#011lport=143#011rport=48350#011resp=<hidden>
Apr 22 11:01:55 rosi dovecot: auth-worker(3460): Debug: pam(test,::1): lookup service=dovecot Apr 22 11:01:55 rosi dovecot: auth-worker(3460): Debug: pam(test,::1): #1/1 style=1 msg=Password: Apr 22 11:01:57 rosi dovecot: auth-worker(3460): pam(test,::1): pam_authenticate() failed: Authentication failure (password mismatch?)
it says failure, are you sure that PAM uses the same backends for Dovecot and SSH?
A login via SSH is working, What could be the reason for the login fail?
- -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVxoSrHz1H7kL/d9rAQJ54Qf8DumBO/FuQcky+kO9rln2I7mS8FNdXepU B6CRjP8JABmxIz6m48ntgPbUZVEztA9ApAfCw6iRLPaCf/NFnia3m1vQeyku49K9 jujF5beVlOsg+HFuttZ4mgTZs2cMnSJaVhzs2NHZtdCMKLzgrC0x5+rm62/VUKsy EONqpKm8h9lMXhWkFAkA+jpEocgLsdeY0TFcHeCTRirI2dsqNPQ7ifUPg6EtE3pK ccUL+doe5huZAMtc4JOSZmpGVOvmEmL4ig7Duk+9GmSptZ/7I3jHvOR1yNMaq3sb buFT5I7FHhP1Avxp6GY/+nTYhPQ+IRu7+aMBdq3vJgWaZyANv7mHLg== =MsiI -----END PGP SIGNATURE-----
--
<http://www.oe8.oevsv.at>Landesverband KärntenChristof Bodner, OE8BCK Pestalozzistzraße 11/6 9500 Villach
email: mailto:oe8bck@oevsv.at Tel.: +43-650-7215383
GnuPG public key: 8A265334 Fingerprint CF71 08D2 18B8 A824 37A5 B80E 0888 37E1 8A26 5334
participants (2)
-
Christof Bodner
-
Steffen Kaiser