[Dovecot] dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<xxx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=<1pBG/03XogB/AAAB>
Hi,
I have set up ImapcProxy based on the wiki2 page. My server is set up for no plain text auth without starttls. When I am trying to login in the proxy server, I am getting an error Unknown username/password. The log says: *dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<xxx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=<1pBG/03XogB/AAAB>* The server log: *dovecot: imap-login: Disconnected (tried to use disabled plaintext auth): rip=10.x.x.x, lip=10.x.x.y*
Through wireshark, I found the username and password is going in plain text only to the server. How will I enable starttls in ImapcProxy before any communication starts?
Thanks and regards,
Suja
-- View this message in context: http://dovecot.2317879.n4.nabble.com/dovecot-imap-login-Aborted-login-auth-f... Sent from the Dovecot mailing list archive at Nabble.com.
Am 08.03.2013 07:08, schrieb pvsuja:
Through wireshark, I found the username and password is going in plain text only to the server. How will I enable starttls in ImapcProxy before any communication starts?
Mhh, well, communication encryption and password encryption are two different things. If you speak over SSL with your server, it doesn't matter if the password is transmitted in plain.
Yes, I know that. When I am telnetting to my ImapcProxy over 143, the capabilities are listed
...... STARTTLS AUTH=PLAIN AUTH=LOGIN .....
I need the AUTH capability to be enabled only after STARTTLS I have done this in Postfix. Is there a way to do it in Dovecot?
-- View this message in context: http://dovecot.2317879.n4.nabble.com/dovecot-imap-login-Aborted-login-auth-f... Sent from the Dovecot mailing list archive at Nabble.com.
On 3/8/2013 1:04 AM, pvsuja wrote:
Yes, I know that. When I am telnetting to my ImapcProxy over 143, the capabilities are listed
...... STARTTLS AUTH=PLAIN AUTH=LOGIN .....
I need the AUTH capability to be enabled only after STARTTLS I have done this in Postfix. Is there a way to do it in Dovecot?
From the template /etc/dovecot/conf.d/10-auth.conf
# Disable LOGIN command and all other plaintext authentications unless # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP # matches the local IP (ie. you're connecting from the same computer), the # connection is considered secure and plaintext authentication is allowed. #disable_plaintext_auth = yes
Dem
On 8.3.2013, at 8.08, pvsuja pvsuja@gmail.com wrote:
Through wireshark, I found the username and password is going in plain text only to the server. How will I enable starttls in ImapcProxy before any communication starts?
imapc_ssl = starttls
See also other related settings in http://wiki2.dovecot.org/Migration/Dsync
I guess imapc should have its own wiki page some day.
Thanks a lot! I got it done with imapc_ssl and imapc_ssl_ca_dir settings. I was not aware of those settings.
Thanks a bunch!
On Wed, Mar 20, 2013 at 10:58 PM, Timo Sirainen [via Dovecot] < ml-node+s2317879n40933h39@n4.nabble.com> wrote:
On 8.3.2013, at 8.08, pvsuja <[hidden email]http://user/SendEmail.jtp?type=node&node=40933&i=0> wrote:
Through wireshark, I found the username and password is going in plain text only to the server. How will I enable starttls in ImapcProxy before any communication starts?
imapc_ssl = starttls
See also other related settings in http://wiki2.dovecot.org/Migration/Dsync
I guess imapc should have its own wiki page some day.
If you reply to this email, your message will be added to the discussion below:
http://dovecot.2317879.n4.nabble.com/dovecot-imap-login-Aborted-login-auth-f... To unsubscribe from dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<xxx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=<1pBG/03XogB/AAAB>, click herehttp://dovecot.2317879.n4.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=40684&code=cHZzdWphQGdtYWlsLmNvbXw0MDY4NHwtNzgyNTk5NDQ0 . NAMLhttp://dovecot.2317879.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml
-- View this message in context: http://dovecot.2317879.n4.nabble.com/dovecot-imap-login-Aborted-login-auth-f... Sent from the Dovecot mailing list archive at Nabble.com.
participants (4)
-
Jan Phillip Greimann
-
Professa Dementia
-
pvsuja
-
Timo Sirainen