how to show FreeIPA/Kerberos Password expired on webmail login

30 Apr 2021


      Using dovecot-2.3.14-1.fc33.x86_64 with FreeIPA & Kerberos if a user's
password is expired in a web mail login, e.g., with Squirrelmail, the user
sees:
"Unknown user or password incorrect."
The dovecot logs show:
auth: Debug: client passdb out: FAIL    1       user=ouruser@ourdomain.edu
code=pass_expired     reason=Password expired  original_user=ouruser
imap-login: Debug: Ignoring unknown passdb extra field: original_user
imap-login: Info: Aborted login (password expired): user=<
ouruser@ourdomain.edu>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1,
secured, session=
Would this  be a feature request to show this message to users?
Also with debug logging there is a lot of log noise and are these errors
normal?
Error: passwd-file: open(/etc/dovecot/users) failed: No such file or
directory
as well as:
auth: Debug: http-client: conn x.x.x.x:8084 [1]: Client connection failed
(fd=23)
auth: Debug: http-client[1]: peer x.x.x.x:8084: Connection failed (1
connections exist, 0 pending)
auth: Debug: http-client: peer x.x.x.x:8084: Failed to make connection (1
connections exist, 0 pending)
auth: Debug: http-client[1]: peer x.x.x.x:8084: Failed to establish any
connection within our peer pool: connect(x.x.x.x:8084) failed: Connection
refused (1 connections exist, 0 pending)
auth: Debug: http-client[1]: queue https://x.x.x.x:8084: Failed to set up
connection to x.x.x.x:8084 (SSL=x.x.x.x): connect(x.x.x.x:8084) failed:
Connection refused (1 peers pending, 1 requests pending)
auth: Debug: http-client[1]: peer x.x.x.x:8084: Unlinked queue
https://x.x.x.x:8084 (0 queues linked)
auth: Debug: http-client[1]: queue https://x.x.x.x:8084: Failed to set up
any connection; failing all queued requests
auth: Debug: http-client[1]: request [Req1: POST
https://x.x.x.x:8084/?command=allow]: Error: 9003 connect(x.x.x.x:8084)
failed: Connection refused
auth: Debug: http-client[1]: queue https://x.x.x.x:8084: Dropping request
[Req1: POST https://x.x.x.x:8084/?command=allow]
auth: Debug: http-client: host x.x.x.x: Host is idle (timeout = 100 msecs)
auth: Error: policy(ouruser@ourdomain.edu,127.0.0.1,):
Policy server HTTP error: connect(x.x.x.x:8084) failed: Connection refused

Robert Kudyba

tags

participants (1)