Hi,
I was wondering:
1 - Is it possible to configure authentication methods per user? For example, oauth2 for most users, but plain for others?
2 - I had a feeling that when oauth2 authentication fails, dovecot tries to authenticate via plain with the received token. Doesn’t seem logical, but I get my user blocked on my directory server (freeipa) after a few failed oauth authentications. If so, can this be prevented?
Best,
Francis
On 09/05/2024 20:15 EEST Francis Augusto Medeiros-Logeay via dovecot <dovecot@dovecot.org> wrote:
> Hi,
> I was wondering:
> 1 - Is it possible to configure authentication methods per user? For example, oauth2 for most users, but plain for others?
> 2 - I had a feeling that when oauth2 authentication fails, dovecot tries to authenticate via plain with the received token. Doesn’t seem logical, but I get my user blocked on my directory server (freeipa) after a few failed oauth authentications. If so, can this be prevented?
> Best,
> Francis

Yep. See https://doc.dovecot.org/configuration_manual/authentication/password_databases_passdb/#passdb-setting
you can filter by mechanism.
Aki
Thanks, this is great!
Best, Francis
The weird thing is that I get this still:
May 09 21:45:47 auth: Error: oauth2(myuser@mydomain.com,48.237.124.127): oauth2 failed: Introspection failed: No username returned
May 09 21:45:47 auth: Error: ldap(myuser@mydomain.com,48.237.124.127): ldap_bind() failed: Constraint violation
Even when I have my configuration like this:
auth_mechanisms = $auth_mechanisms xoauth2 oauthbearer
passdb {
  driver = oauth2
  mechanisms = xoauth2 oauthbearer
  args = /etc/dovecot/dovecot-oauth2.conf.ext
  result_failure=return-fail
}
What could be the cause?
Best, Francis
This may help, see the post from 9/9/2021: https://github.com/goauthentik/authentik/issues/1234
--
Christopher Wensink
IS Administrator
Five Star Plastics, Inc
1339 Continental Drive
Eau Claire, WI 54701
Office: 715-831-1682
Mobile: 715-563-3112
Fax: 715-831-6075
cwensink@five-star-plastics.com
www.five-star-plastics.com
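
The mechanism filtering Aki points to, written out for both password databases as an added example; it is not part of the thread and not taken from Francis's server. It shows the password passdb restricted to password mechanisms so that a bearer token is never handed to `ldap_bind()`. Assumptions: the LDAP passdb block and its `args` path, the `plain login` mechanism list, and that the logged introspection error counts as an internal failure.

```conf
# Added example in Dovecot 2.3-style syntax (same style as the config in the thread).
# Assumed, not from the thread: the ldap passdb block, its args path,
# and "plain login" as the password mechanisms in use.
auth_mechanisms = plain login xoauth2 oauthbearer

# Token mechanisms: only this passdb is consulted for xoauth2/oauthbearer.
passdb {
  driver = oauth2
  mechanisms = xoauth2 oauthbearer
  args = /etc/dovecot/dovecot-oauth2.conf.ext
  # A rejected token ends the attempt here.
  result_failure = return-fail
  # A lookup that errors out (internal failure) would otherwise fall through:
  # the default for result_internalfail is "continue".
  result_internalfail = return-fail
}

# Password mechanisms: a directory bind is attempted only for plain/login.
# A passdb without a "mechanisms" line is consulted for every mechanism,
# which is how a token can reach the directory as if it were a password
# and count against the account's failed-login limit.
passdb {
  driver = ldap
  mechanisms = plain login
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
```

After a reload, `doveconf -n` should list both passdb blocks with their `mechanisms` lines; a failed token login should then produce the oauth2 error in the log with no `ldap_bind()` line after it.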