Dovecot24 - passdb configuration syntax
Hello, as Dovecot 2.4.1 has been published, I started investigation how I need to modify my existing Dovecot 2.3.x configuration, which worked flawlessly the last 5 years. With the help of the doveconf tool I've identified the parameters which need to be modified and I got rid of the error message at the end. Nevertheless, not getting any errors displayed, does not automatically mean, that it has correctly been configured.
Here is the initial auth configuration and hopefully the right 2.4 version:
Dovecot23: disable_plaintext_auth = yes auth_username_format = %Lu auth_mechanisms = plain login cram-md5
passdb {
driver = passwd-file
args = username_format=%Lu /path/to/aliases-file
}
passdb {
driver = passwd-file
args = scheme=cram-md5 /path/to/cram-md5-file
}
userdb {
driver = passwd
}Dovecot24: auth_allow_cleartext = no auth_username_format = %{user | lower} auth_mechanisms = plain login cram-md5
passdb aliases-file {
passwd_file_path = /path/to/aliases-file
}
passdb md5-file {
passwd_file_path = /path/to/cram-md5-file
}
userdb passwd-file {
passwd_file_path = /etc/passwd
}Here are my questions:
The first passdb configuration (aliases file) initially contained the "args = username_format=%Lu ..." option. Do I still need to convert this to a dedicated "auth_username_format = %{user | lower}" line or is this already covered by the global "auth_username_format" setting?
The second passdb configuration (cram-md5 file) initially contained the "args = scheme=cram-md5 ..." option. I couldn't find any replacement for it. Does this mean the only alternative would be to prefix all passwords in the password file with "{CRAM-MD5}"?
For the third userdb configuration (passwd file) I made use of the "passwd_file_path" parameter. Is this a valid replacement for the original "driver = passwd" entry or have I forgotten anything?
BTW, I was curious if ChatGPT could do the job faster than me, but I can say "not yet". It made several errors and had to be corrected one by one but that might change in the future if more and more people are asking for support on this topic.
Thanks Juergen
-- Mail: juergen@eisfair.org
See answers inline
On 15/04/2025 19:50 EEST Juergen Edner via dovecot <dovecot@dovecot.org> wrote:
Hello, as Dovecot 2.4.1 has been published, I started investigation how I need to modify my existing Dovecot 2.3.x configuration, which worked flawlessly the last 5 years. With the help of the doveconf tool I've identified the parameters which need to be modified and I got rid of the error message at the end. Nevertheless, not getting any errors displayed, does not automatically mean, that it has correctly been configured.
Here is the initial auth configuration and hopefully the right 2.4 version:
Dovecot23: disable_plaintext_auth = yes auth_username_format = %Lu auth_mechanisms = plain login cram-md5
passdb { driver = passwd-file args = username_format=%Lu /path/to/aliases-file } passdb { driver = passwd-file args = scheme=cram-md5 /path/to/cram-md5-file } userdb { driver = passwd }Dovecot24: auth_allow_cleartext = no auth_username_format = %{user | lower} auth_mechanisms = plain login cram-md5
passdb aliases-file { passwd_file_path = /path/to/aliases-file } passdb md5-file { passwd_file_path = /path/to/cram-md5-file } userdb passwd-file { passwd_file_path = /etc/passwd }Here are my questions:
- The first passdb configuration (aliases file) initially contained the "args = username_format=%Lu ..." option. Do I still need to convert this to a dedicated "auth_username_format = %{user | lower}" line or is this already covered by the global "auth_username_format" setting?
Yes, it's covered.
- The second passdb configuration (cram-md5 file) initially contained the "args = scheme=cram-md5 ..." option. I couldn't find any replacement for it. Does this mean the only alternative would be to prefix all passwords in the password file with "{CRAM-MD5}"?
default_password_scheme = cram-md5
- For the third userdb configuration (passwd file) I made use of the "passwd_file_path" parameter. Is this a valid replacement for the original "driver = passwd" entry or have I forgotten anything?
You are missing
driver = passwd-file
on all of them.
BTW, I was curious if ChatGPT could do the job faster than me, but I can say "not yet". It made several errors and had to be corrected one by one but that might change in the future if more and more people are asking for support on this topic.
Thanks Juergen
-- Mail: juergen@eisfair.org
Aki
participants (2)
-
Aki Tuomi
-
Juergen Edner