[Dovecot] dovecot authentication failing
Hello, I'm running dovecot 2.0.x on a centos 5.6 machine. This is a new installation, I haven't even opened the firewall to it yet. I was trying to telnet localhost 143 and 110 trying to authenticate a user. I'm getting authentication failure in my maillog but no details. Here's the one line I get in my maillog:
May 14 15:33:42 ohio dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=user@example.com, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Here's a doveconf -n:
# 2.0.12: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.38.3-linode32 i686 CentOS release 5.6 (Final) ext3
auth_default_realm = domain.com
auth_mechanisms = plain login
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
listen = *
mail_location = maildir:/var/spool/mail/vhosts/%d/%u
maildir_very_dirty_syncs = yes
mbox_write_locks = fcntl
passdb {
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
  driver = passwd-file
}
protocols = imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    user = postfix
  }
}
ssl_cert =
Here's how I constructed my users file:
#
# Passwd-file for use with dovecot authentication
# Used in a virtual setup
# Username:{scheme}HashedPassword:UID:GID::
user:{SSHA512}hbLu+pCmhmtyKEwyAs3wv3kvHD/ryr0MoXOAq3VdB7X/g8qIE/xE9BG+eI4jhFk9pTyiCltPCjZxv5/+yK1wll2LNcw= :5000:5000::
My goal is to use this with a postfix virtual mailbox setup; the postfix part is already in place. The mailbox base is /var/spool/mail/vhosts, and under that there's example.com, which is the domain, and under that the various users, one just called user for this example. The UID and GID 5000 are the same ones the postfix vmail user is running as; that's the user who handles the virtual mailbox domains.
I'm suspecting my issue is in my users file or the definition of it in passwd-file{. I've been over the wiki for 2.0.x dovecot (this was definitely worth the upgrade, by the way) and thus far have not found an answer.
I'd appreciate any help. Thanks. Dave.
I am definitely not familiar with "file auth", but you can switch on more verbose debug logging in dovecot; this should help in finding the reasons for the bug: http://wiki2.dovecot.org/Logging
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
On 05/14/2011 10:13 PM David Mehler wrote:
Hello, I'm running dovecot 2.0.x on a centos 5.6 machine. This is a new installation, I haven't even opened the firewall to it yet. I was trying to telnet localhost 143 and 110 trying to authenticate a user. I'm getting authentication failure in my maillog but no details. Here's the one line I get in my maillog:
May 14 15:33:42 ohio dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=user@example.com, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Here's a doveconf -n:
# 2.0.12: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.38.3-linode32 i686 CentOS release 5.6 (Final) ext3
auth_default_realm = domain.com
auth_mechanisms = plain login
…
disable_plaintext_auth = no
…
passdb {
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
  driver = passwd-file
}
…
Here's how I constructed my users file:
…
user:{SSHA512}hbLu+pCmhmtyKEwyAs3wv3kvHD/ryr0MoXOAq3VdB7X/g8qIE/xE9BG+eI4jhFk9pTyiCltPCjZxv5/+yK1wll2LNcw= :5000:5000::
…
CRYPT (CRYPT|MD5-CRYPT|SHA256-CRYPT|SHA512-CRYPT) != SSHA512
I'm suspecting my issue is in my users file or the definition of it in passwd-file{ i've been over the wiki for 2.0.x dovecot, this was definitely worth the upgrade by the way, and thus far have not found an answer.
I'd appreciate any help.
Whenever something isn't working you should point your browser to: http://wiki2.dovecot.org/WhyDoesItNotWork
Regards, Pascal
The trapper recommends today: c01dcafe.1113512@localdomain.org
Hello, Thanks for all your replies. I reread the sites and made the following change:
passdb {
  driver = passwd-file
  args = scheme=SHA512-CRYPT username_format=%n /etc/dovecot/passwd
}
userdb {
  driver = passwd-file
  args = username_format=%n /etc/dovecot/users
}
In passwd I have:
user:{SSHA512}hbLu+pCmhmtyKEwyAs3wv3kvHD/ryr0MoXOAq3VdB7X/g8qIE/xE9BG+eI4jhFk9pTyiCltPCjZxv5/+yK1wll2LNcw=
That should all be on one line. And in the users file I have:
user::uid:gid::HomeDirectory:Shell::
It seems to be working. Can I get an assessment, make sure that all is looking right? Thanks. Dave.
On Sun, 2011-05-15 at 10:38 -0400, David Mehler wrote:
passdb {
  driver = passwd-file
  args = scheme=SHA512-CRYPT username_format=%n /etc/dovecot/passwd
}
In passwd I have:
user:{SSHA512}hbLu+pCmhmtyKEwyAs3wv3kvHD/ryr0MoXOAq3VdB7X/g8qIE/xE9BG+eI4jhFk9pTyiCltPCjZxv5/+yK1wll2LNcw=
The passdb scheme doesn't matter if all your password entries have {scheme} prefix. It doesn't hurt either though..
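Added example, not part of any message in the thread and not Dovecot's code: a simplified Python model of a passwd-file lookup, showing how the two settings changed above (username_format and the default scheme) affect an entry that carries a {SSHA512} prefix. The function names, reason strings, sample password and salt are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac

def expand_username(fmt, login):
    """Expand the %u (full name), %n (local part), %d (domain) variables."""
    local, _, domain = login.partition("@")
    return fmt.replace("%u", login).replace("%n", local).replace("%d", domain)

def split_scheme(field, default_scheme):
    """A {SCHEME} prefix on the entry takes precedence over the passdb default."""
    if field.startswith("{") and "}" in field:
        scheme, encoded = field[1:].split("}", 1)
        return scheme.upper(), encoded
    return default_scheme.upper(), field

def ssha512(password, salt):
    """SSHA512 layout: base64(SHA-512(password + salt) + salt)."""
    digest = hashlib.sha512(password.encode() + salt).digest()
    return base64.b64encode(digest + salt).decode()

def check_ssha512(password, encoded):
    raw = base64.b64decode(encoded)
    digest, salt = raw[:64], raw[64:]  # 64-byte digest, the rest is the salt
    expected = hashlib.sha512(password.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)

def authenticate(passwd_text, username_format, default_scheme, login, password):
    """Simplified passwd-file lookup; the reason strings are this example's own."""
    key = expand_username(username_format, login)
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, _, rest = line.partition(":")
        if user != key:
            continue
        scheme, encoded = split_scheme(rest.split(":", 1)[0], default_scheme)
        if scheme != "SSHA512":
            return "scheme not handled here: " + scheme
        return "ok" if check_ssha512(password, encoded) else "password mismatch"
    return "unknown user: " + key

# Constructed sample entry (made-up password and salt), shaped like the thread's file.
SAMPLE = "user:{SSHA512}" + ssha512("s3cret-example", b"\x01\x02\x03\x04") + ":5000:5000::"

if __name__ == "__main__":
    for fmt in ("%u", "%n"):
        print(fmt, "->", authenticate(SAMPLE, fmt, "CRYPT", "user@example.com", "s3cret-example"))
```

SSHA512 is a single salted SHA-512 pass while SHA512-CRYPT is an iterated crypt(3) format, so an entry without a prefix is only verifiable under the scheme it was actually generated with.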
participants (4)
- David Mehler
- Pascal Volk
- Robert Schetterer
- Timo Sirainen