[Dovecot] master user

newer
[Dovecot] POP3-Proxy error

older
[Dovecot] Startup errors

Tom Bombadil

5 Feb 2007 5 Feb '07

10:39 p.m.

Greetings all...

We are thinking about using the master DB, so a few admins can impersonate an ordinary user.

So, we want to define one master for a set of users. And this administrator cannot be master of the other users?

Can this be done somehow? Reading the docs, it seems that if a user is defined as master, it can login as everyone.

Thanks for any hint.

Show replies by date

Dale Bewley

5 Feb 5 Feb

11:02 p.m.

On Mon, 2007-02-05 at 12:39 -0800, Tom Bombadil wrote:

...

We are thinking about using the master DB, so a few admins can impersonate an ordinary user.

I was trying to do the same thing. Not for impersonation :) but for migration to another IMAP server (Zimbra).

The docs are here http://wiki.dovecot.org/MasterPassword

It works inconsistently for me for some reason. Sometimes dovecot recognized the auth_master_user_separator delimiter and sometimes it doesn't.

dovecot-1.0-0.beta8.3.fc5 did not Jan 26 18:57:01 mail dovecot: auth(default): passdb(zimbra,::ffff:169.237.222.333,master): Master user logging in as dlbewley*zimbra Jan 26 18:57:01 mail dovecot: auth(default): client out: OK 1 user=dlbewley*zimbra Jan 26 18:57:01 mail dovecot: auth(default): master in: REQUEST 146 19330 1 Jan 26 18:57:01 mail dovecot: auth(default): passwd(dlbewley*zimbra,::ffff:169.237.222.333): unknown user Jan 26 18:57:01 mail dovecot: auth(default): userdb(dlbewley*zimbra,::ffff:169.237.222.333): user not found from userdb Jan 26 18:57:01 mail dovecot: auth(default): master out: NOTFOUND 146 Jan 26 18:57:01 mail dovecot: imap-login: Internal login failure: user=, method=PLAIN, rip=::ffff:169.237.222.333, lip=::ffff:169.237.222.111, TLS

dovecot-1.0-1.1.rc15 on FC5 did work Jan 26 21:27:37 mail dovecot: auth(default): passdb(zimbra,::ffff:169.237.111.111,master): Master user logging in as dlbewley Jan 26 21:27:37 mail dovecot: auth(default): client out: OK 1 user=dlbewley Jan 26 21:27:37 mail dovecot: auth(default): master in: REQUEST 8 28380 1 Jan 26 21:27:37 mail dovecot: auth(default): master out: USER 8 dlbewley system_user=dlbewley uid=500 gid=500 home=/home/dlbewley master_user=zimbra Jan 26 21:27:37 mail dovecot: imap-login: Login: user=<dlbewley>, method=PLAIN, rip=::ffff:169.237.111.111, lip=::ffff:169.237.222.111

But then it stopped working in rc15. Feb 5 12:52:38 mail dovecot: auth(default): userdb(dlbewley*zimbra,::ffff:169.237.222.111): user not found from userdb Feb 5 12:52:38 mail dovecot: imap-login: Internal login failure: user=zimbra>, method=PLAIN, rip=::ffff:169.237.111.111, lip=::ffff:169.237.222.111, TLS

Here's my config: I tried various changes to auth_username_chars like adding * or blanking it out and using different characters for auth_master_user_separator.

protocols = imap imaps pop3 pop3s ssl_cert_file = /usr/share/ssl/certs/mail.cert ssl_key_file = /usr/share/ssl/private/mail.key disable_plaintext_auth = no login_process_per_connection = no login_processes_count = 10 max_mail_processes = 2048 protocol imap { } protocol pop3 { } auth_username_chars = auth_master_user_separator = * auth default { mechanisms = plain passdb passwd-file { args = /etc/dovecot/dovecot.masterusers master = yes pass = no } passdb pam { } userdb passwd { } user = root } plugin { }

-- Dale Bewley - Unix Administrator - Shields Library - UC Davis GPG: 0xB098A0F3 0D5A 9AEB 43F4 F84C 7EFD 1753 064D 2583 B098 A0F3

0 0

Reply
attachment

signature.asc

Sign in to reply online Use email software

Timo Sirainen

15 Feb 15 Feb
3:23 p.m.

On Mon, 2007-02-05 at 13:02 -0800, Dale Bewley wrote:

...
But then it stopped working in rc15. Feb 5 12:52:38 mail dovecot: auth(default): userdb(dlbewley*zimbra,::ffff:169.237.222.111): user not found from userdb Feb 5 12:52:38 mail dovecot: imap-login: Internal login failure: user=zimbra>, method=PLAIN, rip=::ffff:169.237.111.111, lip=::ffff:169.237.222.111, TLS

You didn't show auth_debug=yes output in here. Master user logins should be working as far as I know. I just tried and they are working at least with rc22.

0 0

Reply
attachment

signature.asc

Sign in to reply online Use email software

Cor Bosman

3:26 p.m.

...
You didn't show auth_debug=yes output in here. Master user logins should be working as far as I know. I just tried and they are working at least with rc22.

They work with rc19 also. I made a squirrelmail plugin that allows master login.

Cor

0 0

Reply
Sign in to reply online Use email software

6441
Age (days ago)

6451
Last active (days ago)

List overview

3 comments

4 participants

Add to favorites Remove from favorites

tags

participants (4)

Cor Bosman

Dale Bewley

Timo Sirainen

Tom Bombadil