[Dovecot] Password auth with Postfixadmin & MySQL
I am trying to get Postfix, Dovecot, Postfixadmin, and MySQP all
working together. I'm using 1.0.5 atm.
I've hit a point where I can't seem top get dovecot to auth to the
MySQL password database
It seems to see the user OK, but I can't seem to get a password match.
MySQL has password stored as MD5, as per Postfixadmin. When I add
plain-md5 to the auth mechanisms dovecot seems to use plain and fails.
From dovecot.conf..
# Space separated list of wanted authentication mechanisms: # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi # NOTE: See also disable_plaintext_auth setting. mechanisms = cram-md5 plain login #
dovecot log file...
dovecot: Sep 25 11:17:30 Info: pop3-login: Login:
user=jdehnert@dehnert.com, method=PLAIN, rip=127.0.0.1,
lip=127.0.0.1, secured
dovecot: Sep 25 11:19:54 Info: auth(default): client in: AUTH
1 PLAIN service=IMAP secured lip=127.0.0.1
rip=127.0.0.1 resp=<hidden>
dovecot: Sep 25 11:19:54 Info: auth-worker(default): sql
(jdehnert@dehnert.com,127.0.0.1): query: SELECT username as user,
password, concat('/var/vmail/',domain,'/',maildir) as userdb_home,
concat('maildir:/var/vmail/',domain,'/',maildir) as userdb_mail, 101
as userdb_uid, 101 as userdb_gid FROM mailbox WHERE username =
'jdehnert@dehnert.com' AND active = '1'
dovecot: Sep 25 11:19:54 Info: auth-worker(default): sql
(jdehnert@dehnert.com,127.0.0.1): Password mismatch
dovecot: Sep 25 11:19:54 Info: auth(default): client out: FAIL
1 user=jdehnert@dehnert.com
dovecot: Sep 25 11:22:54 Info: imap-login: Disconnected: Inactivity:
user=jdehnert@dehnert.com, method=PLAIN, rip=127.0.0.1,
lip=127.0.0.1, secured
and the sql script thats called is has just minor tweaks...
driver = mysql
connect = host=localhost dbname=postfix user=postfix password=postfix
user_query = SELECT concat('/var/vmail/',domain,'/',maildir) as home,
concat('maildir:/var/vmail/',domain,'/',maildir)
as mail, 101 AS uid, 101 AS gid, concat('maildir:storage=', quota)
AS quota FROM mailbox WHERE username = '%u' AND
active = '1'
password_query = SELECT username as user, password, concat('/var/
vmail/',domain,'/',maildir) as
userdb_home, concat('maildir:/var/vmail/',domain,'/',maildir) as
userdb_mail, 101 as userdb_uid,
101 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
From dovecot.conf..
# Space separated list of wanted authentication mechanisms: # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi # NOTE: See also disable_plaintext_auth setting. mechanisms = cram-md5 plain login #
What is your setting in dovecot-sql.conf?
#default_pass_scheme = MD5 default_pass_scheme = PLAIN
As a side note, if you plan to use TLS, then your setup will be much easier if you keep passwords in MySQL non-encrypted, no matter what postfixadmin thinks of it.
Regards, Gregory
On Sep 25, 2007, at 11:56 AM, Gregory Mokhin wrote:
From dovecot.conf..
# Space separated list of wanted authentication mechanisms: # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi # NOTE: See also disable_plaintext_auth setting. mechanisms = cram-md5 plain login #
What is your setting in dovecot-sql.conf?
[root@mail-1 dovecot]# more dovecot-mysql.conf
db_host = 127.0.0.1
db_port = 3306
db = postfix
db_user = postfix
db_passwd = postfix
db_client_flags = 0
default_pass_scheme = PLAIN
password_query = SELECT password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, 101 AS uid, 101 AS gid FROM mailbox
WHERE username = '%u'
#default_pass_scheme = MD5 default_pass_scheme = PLAIN
As a side note, if you plan to use TLS, then your setup will be much easier if you keep passwords in MySQL non-encrypted, no matter what postfixadmin thinks of it.
I was thinking of that. I need to dig into the code for
postfixadmin, but I should be able to change that, however, I also
think I should be able to use this too. I didn't think dovecot used
dovecot-mysql.conf since I didn't see a reference for it in
dovecot.conf. I tried changing PLAIN to MD5 just before I wrote
this, but no luck there.
Regards, Gregory
Thanks, Zeke
-- James "Zeke" Dehnert mailto:jdehnert@norcalnetworks.com Phone: +1 707.546.6620 x602 Fax: +1 707.324.8043 "Life is racing, everything else is just waiting"
On Sep 25, 2007, at 11:56 AM, Gregory Mokhin wrote:
From dovecot.conf..
# Space separated list of wanted authentication mechanisms: # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi # NOTE: See also disable_plaintext_auth setting. mechanisms = cram-md5 plain login #
What is your setting in dovecot-sql.conf?
#default_pass_scheme = MD5 default_pass_scheme = PLAIN
As a side note, if you plan to use TLS, then your setup will be much easier if you keep passwords in MySQL non-encrypted, no matter what postfixadmin thinks of it.
Regards, Gregory
Blast! I switched all my pw's to plain in mysql. Postfixadmin
works, but...
dovecot: Sep 25 13:40:46 Info: auth-worker(default): mysql: Connected
to localhost (postfix)
dovecot: Sep 25 13:41:05 Info: auth(default): client in: AUTH
1 PLAIN service=POP3 secured lip=127.0.0.1
rip=127.0.0.1 resp=<hidden>
dovecot: Sep 25 13:41:05 Info: auth-worker(default): sql
(jdehnert@dehnert.com,127.0.0.1): query: SELECT username as user,
password, concat('/var/vmail/',domain,'/',maildir) as userdb_home,
concat('maildir:/var/vmail/',domain,'/',maildir) as userdb_mail, 101
as userdb_uid, 101 as userdb_gid FROM mailbox WHERE username =
'jdehnert@dehnert.com' AND active = '1'
dovecot: Sep 25 13:41:05 Error: auth-worker(default): plain_md5_verify
(jdehnert@dehnert.com): Invalid password encoding
dovecot: Sep 25 13:41:05 Info: auth-worker(default): sql
(jdehnert@dehnert.com,127.0.0.1): Password mismatch
dovecot: Sep 25 13:41:06 Info: auth(default): client out: FAIL
1 user=jdehnert@dehnert.com
So, where is this auth-worker? I need to talk with him.
Thanks, Zeke
-- James "Zeke" Dehnert mailto:jdehnert@norcalnetworks.com Phone: +1 707.546.6620 x602 Fax: +1 707.324.8043 "Life is racing, everything else is just waiting"
participants (2)
-
Gregory Mokhin
-
James Dehnert