[Dovecot] checkpassword auth issues
Hi,
OK, I'm developing a new solution that includes dovecot, and will be wanting to use the latest sieve implementation, so I have chosen to start with 1.2 as the base.
I had a working install of 1.1.8 installed, and got a checkpassword setup working properly with it to authenticate a user. I used the passdb to call checkpassword, and the prefetch userdb to tell it to use the values that I sent back from the checkpassword script...
I compiled and installed 1.2.alpha5, and now my checkpassword does not seem to be working, and I can't figure out why. If I go back and install 1.1.8, it all works again...
here is the dovecot -n :
[root@mta3 /local/logs]# dovecot -n
# 1.2.alpha5: /usr/local/etc/dovecot.conf
# OS: FreeBSD 7.0-STABLE i386
log_path: /local/logs/dovecot.errors
protocols: imap imaps pop3 pop3s
disable_plaintext_auth: no
login_dir: /usr/local/var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
verbose_proctitle: yes
first_valid_uid: 100
mail_uid: 100
mail_gid: 100
mail_location: maildir:%h/Maildir
mail_debug: yes
mmap_disable: yes
mail_nfs_storage: yes
mail_nfs_index: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  username_translation: %@
  username_format: %Lu
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: checkpassword
    args: /bin/checkpassword
  userdb:
    driver: prefetch
and here is a snip of the logs that I get when trying to log in :
dovecot: Jan 19 11:37:47 Info: auth(default): client in: AUTH 1
PLAIN service=imap secured lip=209.132.1.203
rip=209.132.9.162 lport=993 rport=1053
dovecot: Jan 19 11:37:47 Info: auth(default): client out: CONT 1
dovecot: Jan 19 11:37:47 Info: auth(default): client in: CONT 1
AHRpbUBtdGEzLnNjYWxlZHN5c3RlbXMuY29tAENvbGRTdW4x
dovecot: Jan 19 11:37:47 Info: auth(default):
checkpassword(tim@mta3.scaledsystems.com,209.132.9.162): execute:
/bin/checkpassword /usr/local/libexec/dovecot/checkpassword-reply
dovecot: Jan 19 11:37:47 Info: auth(default):
checkpassword(tim@mta3.scaledsystems.com,209.132.9.162): Received input:
user=tim@mta3.scaledsystems.com
userdb_home=/home/mailboxes/data/30/tim@mta3.scaledsystems.com
userdb_uid=100 userdb_gid=100
dovecot: Jan 19 11:37:47 Info: auth(default):
checkpassword(tim@mta3.scaledsystems.com,209.132.9.162): Received no input
dovecot: Jan 19 11:37:47 Info: auth(default):
checkpassword(tim@mta3.scaledsystems.com,209.132.9.162): exit_status=2
dovecot: Jan 19 11:37:47 Error: auth(default):
checkpassword(tim@mta3.scaledsystems.com,209.132.9.162): Child 43345
exited with status 2
As you can see, the checkpassword routine is indeed sending out the userdb_home variable as well as the other necessary variables.
Is it possible that checks for the return code from calling the checkpassword script have changed between the versions??? I currently exit the checkpassword script with _exit(0); to make the status 0 when it is successful, and I also set the AUTHORIZED environment variable to "2" as told...
Weird thing is that it works in 1.1.8, but not in 1.2.
Thanks,
Tim.
On Mon, 2009-01-19 at 12:17 -0800, Tim Traver wrote:
Is it possible that checks for the return code from calling the checkpassword script have changed between the versions??? I currently exit the checkpassword script with _exit(0); to make the status 0 when it is successful, and I also set the AUTHORIZED environment variable to "2" as told...
Don't set AUTHORIZED environment. It's only if you're using it as a userdb (but you're using prefetch).
Timo Sirainen wrote:
On Mon, 2009-01-19 at 12:17 -0800, Tim Traver wrote:
Is it possible that checks for the return code from calling the checkpassword script have changed between the versions??? I currently exit the checkpassword script with _exit(0); to make the status 0 when it is successful, and I also set the AUTHORIZED environment variable to "2" as told...
Don't set AUTHORIZED environment. It's only if you're using it as a userdb (but you're using prefetch).
Timo,
Thanks. That did it...although I'm not sure why it worked ok in 1.1.8, but all fixed...
Tim.
On Mon, 2009-01-19 at 14:51 -0800, Tim Traver wrote:
Timo Sirainen wrote:
On Mon, 2009-01-19 at 12:17 -0800, Tim Traver wrote:
Is it possible that checks for the return code from calling the checkpassword script have changed between the versions??? I currently exit the checkpassword script with _exit(0); to make the status 0 when it is successful, and I also set the AUTHORIZED environment variable to "2" as told...
Don't set AUTHORIZED environment. It's only if you're using it as a userdb (but you're using prefetch).
Timo,
Thanks. That did it...although I'm not sure why it worked ok in 1.1.8, but all fixed...
v1.1 doesn't support userdb checkpassword at all and just ignores the AUTHORIZED environment. I improved the error message now:
Child %s exited with status 2 (tried to use userdb-only checkpassword program for passdb?)
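
An added example (not code from this thread or from the Dovecot project) of a checkpassword script for the passdb + prefetch setup discussed above: it sets AUTHORIZED=2 only when Dovecot itself requested a userdb lookup by passing AUTHORIZED=1, and strips any inherited value in passdb mode. The account store, salt and function names are constructed for illustration.

```python
import hashlib, hmac, os, sys

SALT = b"constructed-salt"  # constructed demo value

def _kdf(password: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, SALT, 100_000)

# Constructed sample account; a real script would query its own user store.
ACCOUNTS = {"alice@example.test": {"hash": _kdf(b"correct horse"),
            "home": "/srv/mail/alice", "uid": "100", "gid": "100"}}

def parse_request(raw: bytes):
    """fd 3 payload is: username NUL password NUL timestamp NUL."""
    fields = raw.split(b"\0")
    if len(fields) < 3 or not fields[0]:
        raise ValueError("malformed checkpassword input")
    return fields[0].decode(), fields[1]

def build_reply_env(raw: bytes, env: dict):
    """Return (exit_code, None) on failure or (None, env_for_reply_binary)."""
    userdb_lookup = env.get("AUTHORIZED") == "1"  # set by Dovecot for userdb lookups only
    try:
        user, password = parse_request(raw)
    except (ValueError, UnicodeDecodeError):
        return 111, None  # temporary/internal failure
    acct = ACCOUNTS.get(user)
    if acct is None:
        return 1, None  # unknown user, reported as a failure
    if not userdb_lookup and not hmac.compare_digest(_kdf(password), acct["hash"]):
        return 1, None  # authentication failure
    out = {k: v for k, v in env.items() if k != "AUTHORIZED"}
    out.update(USER=user, HOME=acct["home"], userdb_uid=acct["uid"],
               userdb_gid=acct["gid"], EXTRA="userdb_uid userdb_gid")
    if userdb_lookup:
        out["AUTHORIZED"] = "2"  # acknowledge a userdb lookup; never in passdb mode
    return None, out

def main(argv):
    with os.fdopen(3, "rb") as fd:
        raw = fd.read(512)
    code, env = build_reply_env(raw, dict(os.environ))
    if code is not None:
        return code
    os.execve(argv[1], argv[1:], env)  # argv[1] is Dovecot's checkpassword-reply

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```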