[Dovecot] auth failure with digest-md5
Hi!
I'm using: Dovecot 1.0.beta8 OpenBSD 3.9 KMail 1.9.3
My password file contains only one user now. I've changed its password to a dumb one: 'asd' (so this is not a wrong password failure :)
I've configured the PLAIN and DIGEST-MD5 mechanisms in dovecot.conf, and I'm only using pop3. Also I've turned on the verbose auth logging, and I'm attaching the logs inline. My password db contains the {DIGEST-MD5} prefixed password. The problem is very simple but very weird. I start the dovecot server and try to log in. It succeeds, I'm happy. But after one (the first) success, all further logins fails. Yes this a sometimes working/sometimes not problem, which is rare in this business...
Here is the log of the first success:
00:48:41 Info: auth(default): client in: AUTH 1 DIGEST-MD5 service=POP3
secured lip=192.168.0.202 rip=192.168.0.3 resp=
<newline>
00:48:41 Info: auth(default): client out: CONT 1
cmVhbG09IiIsbm9uY2U9ImJua2tUaHBDVURJblFENWRJZlgyb1E9PSIscW9wPSJhdXRoIixjaGFyc2V0PSJ1dGYtOCIsYWxnb3JpdGhtPSJtZDUtc2VzcyI=
<newline>
00:48:41 Info: auth(default): client in: CONT 1
dXNlcm5hbWU9ImxldmEiLHJlYWxtPSIiLG5vbmNlPSJibmtrVGhwQ1VESW5RRDVkSWZYMm9RPT0iLGNub25jZT0iTy9MYndLMVo1dWc4ZURiT2wzaWlhN2ZsTUVTV3MvN1JSc05HL3JPbzhpND0iLG5jPTAwMDAwMDAxLHFvcD1hdXRoLGRpZ2VzdC11cmk9InBvcC8xOTIuMTY4LjAuMjAyIixyZXNwb25zZT0wYTQ3ZmUyNmVlMDg0MWE4ZDgzNTM3NzI5MzUxZmE3YQ==
<newline>
00:48:41 Info: auth(default): client out: CONT 1
cnNwYXV0aD01MmQ1YTRlNTVhNWNiYzA0NDk2YTg5ODcyMDMwMGUxYw==
<newline>
00:48:41 Info: auth(default): client in: CONT 1
<newline>
00:48:41 Info: auth(default): client out: OK 1 user=username
<newline>
00:48:41 Info: auth(default): master in: REQUEST 9 15718 1
<newline>
00:48:41 Info: auth(default): master out: USER 9 username uid=6000
gid=6000 home=/var/mail/virtual/username/./
<newline>
00:48:41 Info: pop3-login: Login: user=<username>, method=DIGEST-MD5,
rip=192.168.0.3, lip=192.168.0.202, TLS
<newline>
00:48:41 Info: POP3(username): Disconnected: Logged out top=0/0,
retr=0/0, del=0/0, size=0
And after that, every login fails:
00:49:28 Info: auth(default): client in: AUTH 1 DIGEST-MD5 service=POP3 secured lip=192.168.0.202 rip=192.168.0.3 resp=dXNlcm5hbWU9ImxldmEiLHJlYWxtPSIiLG5vbmNlPSJibmtrVGhwQ1VESW5RRDVkSWZYMm9RPT0iLGNub25jZT0iTy9MYndLMVo1dWc4ZURiT2wzaWlhN2ZsTUVTV3MvN1JSc05HL3JPbzhpND0iLG5jPTAwMDAwMDAyLHFvcD1hdXRoLGRpZ2VzdC11cmk9InBvcC8xOTIuMTY4LjAuMjAyIixyZXNwb25zZT0wMWRkMDNjYTcyMzBmMzM5YjRiY2NlM2VmMTcwMGU4Yw== <newline> 00:49:28 Info: pop3-login: Aborted login: method=DIGEST-MD5, rip=192.168.0.3, lip=192.168.0.202, TLS <newline> 00:49:28 Info: auth(default): passwd-file /etc/dovecot.passwd: Read 1 users
I can notice that the second (the failure) log is shorter than the first (the success). Maybe something is missing from there.
The PLAIN auth mechanism is working, even after a failed DIGEST-MD5 login. In fact the PLAIN login always works :)
Thanks!
Daniel
-- LeVA
On 18.8.2006, at 2.44, LeVA wrote:
..
00:49:28 Info: auth(default): client in: AUTH 1 DIGEST-MD5
service=POP3 secured lip=192.168.0.202 rip=192.168.0.3 resp=dXNlcm5hbWU9ImxldmEiLHJlYWxtPSIiLG5vbmNlPSJibmtrVGhwQ1VESW5RRDVkS WZYMm9RPT0iLGNub25jZT0iTy9MYndLMVo1dWc4ZURiT2wzaWlhN2ZsTUVTV3MvN1JSc05 HL3JPbzhpND0iLG5jPTAwMDAwMDAyLHFvcD1hdXRoLGRpZ2VzdC11cmk9InBvcC8xOTIuM TY4LjAuMjAyIixyZXNwb25zZT0wMWRkMDNjYTcyMzBmMzM5YjRiY2NlM2VmMTcwMGU4Yw=<newline> 00:49:28 Info: pop3-login: Aborted login: method=DIGEST-MD5, rip=192.168.0.3, lip=192.168.0.202, TLS <newline> 00:49:28 Info: auth(default): passwd-file /etc/dovecot.passwd: Read 1 users
Does this contain only the "info" lines and no error lines? 1.0beta9
fixed this problem:
- DIGEST-MD5: Trying to use subsequent authentication crashed
dovecot-auth.I think that's your problem. The logs should have said that dovecot- auth crashed though.
Tere.
I'm using latest Dovecot with system (Debian Sarge) quota on /home, and custom default_mail_env = maildir:%h/Maildir:INDEX=/var/spool/dovecot/index/%u:CONTROL=/var/spool/dovecot/control/%u
However as the Dovecot includes own Maildir quota, I'm curios to know is this working fine now? If yes, then how should i migrate it from current settings to the Dovecot -s own Maildir quota?
-- Mart
- August 18. 01:52, Timo Sirainen:
On 18.8.2006, at 2.44, LeVA wrote:
..
00:49:28 Info: auth(default): client in: AUTH 1 DIGEST-MD5 service=POP3 secured lip=192.168.0.202 rip=192.168.0.3 resp=dXNlcm5hbWU9ImxldmEiLHJlYWxtPSIiLG5vbmNlPSJibmtrVGhwQ1VESW5RRD VkS WZYMm9RPT0iLGNub25jZT0iTy9MYndLMVo1dWc4ZURiT2wzaWlhN2ZsTUVTV3MvN1JS c05 HL3JPbzhpND0iLG5jPTAwMDAwMDAyLHFvcD1hdXRoLGRpZ2VzdC11cmk9InBvcC8xOT IuM TY4LjAuMjAyIixyZXNwb25zZT0wMWRkMDNjYTcyMzBmMzM5YjRiY2NlM2VmMTcwMGU4 Yw= = <newline> 00:49:28 Info: pop3-login: Aborted login: method=DIGEST-MD5, rip=192.168.0.3, lip=192.168.0.202, TLS <newline> 00:49:28 Info: auth(default): passwd-file /etc/dovecot.passwd: Read 1 users
Does this contain only the "info" lines and no error lines? 1.0beta9 fixed this problem:
- DIGEST-MD5: Trying to use subsequent authenticationcrashed dovecot-auth.
I think that's your problem. The logs should have said that dovecot- auth crashed though. This is the whole log, not only the info, no crashes in the log file (and nor in the real life :).
Thanks for the pointer, I'm looking forward to install a recent version, until then I just use TLS+Plain Text.
Daniel
-- LeVA
participants (3)
-
LeVA
-
Mart Pirita
-
Timo Sirainen