[Dovecot] RC1 broken - Authentication Failed
Works great with all the beta versions. I installed RC1 and get massive authentication failures.
auth_debug_passwords = yes auth_master_user_separator=*
auth default_with_listener { mechanisms = plain
passdb passwd-file { # Master users that can log in as anyone args = /etc/dovecot.masterusers master = yes #pass =yes }
passdb passwd-file { # Path for passwd-file args = /etc/vmail/shadow.%d }
userdb passwd-file { # Path for passwd-file args = /etc/vmail/passwd.%d }
socket listen { master { path = /var/run/dovecot/auth-master mode = 0666 } }
}
dovecot: Jun 28 07:18:57 Info: auth(default): pam(mark@marxmail.net,64.81.213.137): pam_authenticate() failed:
Authentication failure
dovecot: Jun 28 07:18:57 Info: auth(default): passwd-file(mark@marxmail.net,64.81.213.137): unknown user
dovecot: Jun 28 07:18:57 Info: auth(default): client in: AUTH 6 PLAIN service=IMAP secured
lip=69.50.231.8rip=64.81.213.137 resp=AG1hcmtAbWFyeG1haWwubmV0AHlldW4xMjM=
dovecot: Jun 28 07:18:57 Info: auth(default): client in: AUTH 8 PLAIN service=IMAP secured
lip=69.50.231.8rip=64.81.213.137 resp=AG1hcmtAbWFyeG1haWwubmV0AHlldW4xMjM=
dovecot: Jun 28 07:18:57 Info: auth(default): pam(mark@marxmail.net,64.81.213.137): pam_authenticate() failed:
Authentication failure
dovecot: Jun 28 07:18:57 Info: auth(default): passwd-file(mark@marxmail.net,64.81.213.137): unknown user
dovecot: Jun 28 07:18:57 Info: auth(default): pam(mark@marxmail.net,64.81.213.137): pam_authenticate() failed:
Authentication failure
dovecot: Jun 28 07:18:57 Info: auth(default): passwd-file(mark@marxmail.net,64.81.213.137): unknown user
dovecot: Jun 28 07:18:57 Info: pop3-login: Disconnected: user=<elizasue@marksharconsulting.com>, method=PLAIN,
rip=71.192.214.3, lip=69.50.231.8, TLS
dovecot: Jun 28 07:18:58 Info: pop3-login: Disconnected: rip=70.105.255.245, lip=69.50.231.8
dovecot: Jun 28 07:18:59 Info: auth(default): client out: FAIL 26 user=mark@marxmail.net
dovecot: Jun 28 07:18:59 Info: auth(default): client out: FAIL 27 user=mark@marxmail.net
dovecot: Jun 28 07:18:59 Info: auth(default): client out: FAIL 7 user=mark@marxmail.net
dovecot: Jun 28 07:18:59 Info: auth(default): client out: FAIL 8 user=mark@marxmail.net
dovecot: Jun 28 07:18:59 Info: auth(default): client out: FAIL 6 user=mark@marxmail.net
dovecot: Jun 28 07:19:04 Info: auth(default): client in: AUTH 28 PLAIN service=IMAP secured
lip=69.50.231.8rip=66.100.35.217
dovecot: Jun 28 07:19:04 Info: auth(default): client out: CONT 28
dovecot: Jun 28 07:19:04 Info: auth(default): client in: CONT 28
ADRnZW9yZ2VAdGhlbWlkZGxlYnJvb2tzLm9yZwBnbTU5NjAz
dovecot: Jun 28 07:19:04 Info: auth(default): pam(4george@themiddlebrooks.org,66.100.35.217): pam_authenticate()
failed: Authentication failure
dovecot: Jun 28 07:19:04 Info: auth(default): passwd-file(4george@themiddlebrooks.org,66.100.35.217): unknown user
dovecot: Jun 28 07:19:05 Info: auth(default): client out: FAIL 28 user=4george@themiddlebrooks.org
dovecot: Jun 28 07:19:05 Info: auth(default): client in: AUTH 29 PLAIN service=IMAP secured
lip=69.50.231.8rip=66.100.35.217 resp=ADRnZW9yZ2VAdGhlbWlkZGxlYnJvb2tzLm9yZwBnbTU5NjAz
dovecot: Jun 28 07:19:05 Info: auth(default): pam(4george@themiddlebrooks.org,66.100.35.217): pam_authenticate()
failed: Authentication failure
dovecot: Jun 28 07:19:05 Info: auth(default): passwd-file(4george@themiddlebrooks.org,66.100.35.217): unknown user
dovecot: Jun 28 07:19:06 Info: auth(default): client in: AUTH 30 PLAIN service=IMAP secured
lip=69.50.231.8rip=63.203.231.61
Marc Perkel wrote:
Works great with all the beta versions. I installed RC1 and get massive authentication failures.
auth_debug_passwords = yes auth_master_user_separator=*
auth default_with_listener { mechanisms = plain
passdb passwd-file { # Master users that can log in as anyone args = /etc/dovecot.masterusers master = yes #pass =yes }
passdb passwd-file { # Path for passwd-file args = /etc/vmail/shadow.%d }
userdb passwd-file { # Path for passwd-file args = /etc/vmail/passwd.%d }
socket listen { master { path = /var/run/dovecot/auth-master mode = 0666 } }
}
dovecot: Jun 28 07:18:57 Info: auth(default): pam(mark@marxmail.net,64.81.213.137): pam_authenticate() failed: Authentication failure dovecot: Jun 28 07:18:57 Info: auth(default): passwd-file(mark@marxmail.net,64.81.213.137): unknown user dovecot: Jun 28 07:18:57 Info: auth(default): client in: AUTH 6 PLAIN service=IMAP secured lip=69.50.231.8rip=64.81.213.137 resp=AG1hcmtAbWFyeG1haWwubmV0AHlldW4xMjM= dovecot: Jun 28 07:18:57 Info: auth(default): client in: AUTH 8 PLAIN service=IMAP secured lip=69.50.231.8rip=64.81.213.137 resp=AG1hcmtAbWFyeG1haWwubmV0AHlldW4xMjM= dovecot: Jun 28 07:18:57 Info: auth(default): pam(mark@marxmail.net,64.81.213.137): pam_authenticate() failed: Authentication failure dovecot: Jun 28 07:18:57 Info: auth(default): passwd-file(mark@marxmail.net,64.81.213.137): unknown user dovecot: Jun 28 07:18:57 Info: auth(default): pam(mark@marxmail.net,64.81.213.137): pam_authenticate() failed: Authentication failure dovecot: Jun 28 07:18:57 Info: auth(default): passwd-file(mark@marxmail.net,64.81.213.137): unknown user dovecot: Jun 28 07:18:57 Info: pop3-login: Disconnected: user=<elizasue@marksharconsulting.com>, method=PLAIN, rip=71.192.214.3, lip=69.50.231.8, TLS dovecot: Jun 28 07:18:58 Info: pop3-login: Disconnected: rip=70.105.255.245, lip=69.50.231.8 dovecot: Jun 28 07:18:59 Info: auth(default): client out: FAIL 26 user=mark@marxmail.net dovecot: Jun 28 07:18:59 Info: auth(default): client out: FAIL 27 user=mark@marxmail.net dovecot: Jun 28 07:18:59 Info: auth(default): client out: FAIL 7 user=mark@marxmail.net dovecot: Jun 28 07:18:59 Info: auth(default): client out: FAIL 8 user=mark@marxmail.net dovecot: Jun 28 07:18:59 Info: auth(default): client out: FAIL 6 user=mark@marxmail.net dovecot: Jun 28 07:19:04 Info: auth(default): client in: AUTH 28 PLAIN service=IMAP secured lip=69.50.231.8rip=66.100.35.217 dovecot: Jun 28 07:19:04 Info: auth(default): client out: CONT 28 dovecot: Jun 28 07:19:04 Info: auth(default): client in: CONT 28
ADRnZW9yZ2VAdGhlbWlkZGxlYnJvb2tzLm9yZwBnbTU5NjAz dovecot: Jun 28 07:19:04 Info: auth(default): pam(4george@themiddlebrooks.org,66.100.35.217): pam_authenticate() failed: Authentication failure dovecot: Jun 28 07:19:04 Info: auth(default): passwd-file(4george@themiddlebrooks.org,66.100.35.217): unknown user dovecot: Jun 28 07:19:05 Info: auth(default): client out: FAIL 28 user=4george@themiddlebrooks.org dovecot: Jun 28 07:19:05 Info: auth(default): client in: AUTH 29 PLAIN service=IMAP secured lip=69.50.231.8rip=66.100.35.217 resp=ADRnZW9yZ2VAdGhlbWlkZGxlYnJvb2tzLm9yZwBnbTU5NjAz dovecot: Jun 28 07:19:05 Info: auth(default): pam(4george@themiddlebrooks.org,66.100.35.217): pam_authenticate() failed: Authentication failure dovecot: Jun 28 07:19:05 Info: auth(default): passwd-file(4george@themiddlebrooks.org,66.100.35.217): unknown user dovecot: Jun 28 07:19:06 Info: auth(default): client in: AUTH 30 PLAIN service=IMAP secured lip=69.50.231.8rip=63.203.231.61
I compiled dovecot 1.0.rc1 on Debian Sarge and it works fine with both auth default { mechanisms = plain passdb pam { } userdb passwd { }
and
auth default { mechanisms = plain passdb sql { args = /etc/dovecot/dovecot-sql.conf } userdb sql { args = /etc/dovecot/dovecot-sql.conf }
No errors in logs.
Regards, Dumitru
On Wed, 2006-06-28 at 07:32 -0700, Marc Perkel wrote:
Works great with all the beta versions. I installed RC1 and get massive authentication failures.
auth_debug_passwords = yes auth_master_user_separator=*
auth default_with_listener { mechanisms = plain
passdb passwd-file { # Master users that can log in as anyone args = /etc/dovecot.masterusers master = yes #pass =yes }
passdb passwd-file { # Path for passwd-file args = /etc/vmail/shadow.%d }
userdb passwd-file { # Path for passwd-file args = /etc/vmail/passwd.%d }
socket listen { master { path = /var/run/dovecot/auth-master mode = 0666 } }
}
dovecot: Jun 28 07:18:57 Info: auth(default): pam(mark@marxmail.net,64.81.213.137): pam_authenticate() failed: Authentication failure
It seems to be using wrong dovecot.conf file. Above there's no PAM configured, but here it's using PAM.
Timo Sirainen wrote:
On Wed, 2006-06-28 at 07:32 -0700, Marc Perkel wrote:
Works great with all the beta versions. I installed RC1 and get massive authentication failures.
auth_debug_passwords = yes auth_master_user_separator=*
auth default_with_listener { mechanisms = plain
passdb passwd-file { # Master users that can log in as anyone args = /etc/dovecot.masterusers master = yes #pass =yes }
passdb passwd-file { # Path for passwd-file args = /etc/vmail/shadow.%d }
userdb passwd-file { # Path for passwd-file args = /etc/vmail/passwd.%d }
socket listen { master { path = /var/run/dovecot/auth-master mode = 0666 } }
}
dovecot: Jun 28 07:18:57 Info: auth(default): pam(mark@marxmail.net,64.81.213.137): pam_authenticate() failed: Authentication failure
It seems to be using wrong dovecot.conf file. Above there's no PAM configured, but here it's using PAM.
Right - hmmmmm - so why would it be using the wrong one? The one I want it to use is /etc/dovecot.conf. Is there another default?
On Sat, 2006-07-01 at 11:35 -0700, Marc Perkel wrote:
It seems to be using wrong dovecot.conf file. Above there's no PAM configured, but here it's using PAM.
Right - hmmmmm - so why would it be using the wrong one? The one I want it to use is /etc/dovecot.conf. Is there another default?
That's the default only if you give --sysconfdir=/etc configure option. The default without any configure options is /usr/local/etc/dovecot.conf.
I think I'll change "dovecot -n" to print also the config file path.
OK - I just tried it again and here's what I got. Switching back to beta 9 fixes it so whatever you changed it started in rc1.
dovecot: Jul 01 11:50:52 Info: auth(default): passwd-file(tenacity@sturdywench.com,127.0.0.1): unknown user dovecot: Jul 01 11:50:54 Info: auth(default): client out: FAIL 9 user=tenacity@sturdywench.com dovecot: Jul 01 11:50:54 Info: auth(default): client in: AUTH 10 PLAIN service=IMAP secured lip=127.0.0.1 rip=127.0.0.1 resp=AHRlbmFjaXR5QHN0dXJkeXdlbmNoLmNvbQBsYWNleTEyMw== dovecot: Jul 01 11:50:54 Info: auth(default): pam(tenacity@sturdywench.com,127.0.0.1): pam_authenticate() failed: Authentication failure dovecot: Jul 01 11:50:54 Info: auth(default): passwd-file(tenacity@sturdywench.com,127.0.0.1): unknown user dovecot: Jul 01 11:50:54 Info: auth(default): client in: AUTH 11 PLAIN service=IMAP lip=69.50.231.8 rip=24.9.45.107 resp=AGxhcnJ5QGxlc3NpZy5vcmcAbDEzMDMwMGxc dovecot: Jul 01 11:50:54 Info: auth(default): pam(larry@lessig.org,24.9.45.107): pam_authenticate() failed: Authentication failure dovecot: Jul 01 11:50:54 Info: auth(default): passwd-file(larry@lessig.org,24.9.45.107): unknown user dovecot: Jul 01 11:50:56 Info: auth(default): client out: FAIL 10 user=tenacity@sturdywench.com dovecot: Jul 01 11:50:56 Info: auth(default): client out: FAIL 11 user=larry@lessig.org dovecot: Jul 01 11:50:56 Info: imap-login: Aborted login: user=<tenacity@sturdywench.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured dovecot: Jul 01 11:50:57 Info: auth(default): client in: AUTH 12 PLAIN service=IMAP secured lip=127.0.0.1 rip=127.0.0.1 dovecot: Jul 01 11:50:57 Info: auth(default): client out: CONT 12 dovecot: Jul 01 11:50:57 Info: auth(default): client in: CONT 12 AG1hcmNAcGVya2VsLmNvbQBkYXJtMGs= dovecot: Jul 01 11:50:57 Info: auth(default): pam(marc@perkel.com,127.0.0.1): pam_authenticate() failed: Authentication failure dovecot: Jul 01 11:50:57 Info: auth(default): passwd-file(marc@perkel.com,127.0.0.1): unknown user dovecot: Jul 01 11:50:58 Info: auth(default): client out: FAIL 12 user=marc@perkel.com dovecot: Jul 01 11:50:58 Info: auth(default): client in: AUTH 13 PLAIN service=IMAP lip=69.50.231.8 rip=24.63.194.47 resp=AHBhdEBhbWJyeW5ldC5jb20AcjBzZWJ1ZA== dovecot: Jul 01 11:50:58 Info: auth(default): pam(pat@ambrynet.com,24.63.194.47): pam_authenticate() failed: Authentication failure dovecot: Jul 01 11:50:59 Error: auth(default): passwd-file /etc/vmail/shadow.ambrynet.com: User pat has invalid GID -1 dovecot: Jul 01 11:50:59 Error: auth(default): passwd-file /etc/vmail/shadow.ambrynet.com: User admin has invalid GID -1 dovecot: Jul 01 11:50:59 Error: auth(default): passwd-file /etc/vmail/shadow.ambrynet.com: User notify has invalid GID -1 dovecot: Jul 01 11:50:59 Error: auth(default): passwd-file /etc/vmail/shadow.ambrynet.com: User dev has invalid GID -1 dovecot: Jul 01 11:50:59 Error: auth(default): passwd-file /etc/vmail/shadow.ambrynet.com: User donor has invalid GID -1 dovecot: Jul 01 11:50:59 Error: auth(default): passwd-file /etc/vmail/shadow.ambrynet.com: User ecomm has invalid GID -1 dovecot: Jul 01 11:50:59 Error: auth(default): passwd-file /etc/vmail/shadow.ambrynet.com: User gmail has invalid GID -1 dovecot: Jul 01 11:50:59 Error: auth(default): passwd-file /etc/vmail/shadow.ambrynet.com: User news has invalid GID -1 dovecot: Jul 01 11:50:59 Error: auth(default): passwd-file /etc/vmail/shadow.ambrynet.com: User shop has invalid GID -1 dovecot: Jul 01 11:50:59 Error: auth(default): passwd-file /etc/vmail/shadow.ambrynet.com: User travel has invalid UID -1 dovecot: Jul 01 11:50:59 Error: auth(default): passwd-file /etc/vmail/shadow.ambrynet.com: User bank has invalid UID -1 dovecot: Jul 01 11:50:59 Error: auth(default): passwd-file /etc/vmail/shadow.ambrynet.com: User adc has invalid GID -1 dovecot: Jul 01 11:50:59 Error: auth(default): passwd-file /etc/vmail/shadow.ambrynet.com: User avn has invalid GID -1 dovecot: Jul 01 11:50:59 Error: auth(default): passwd-file /etc/vmail/shadow.ambrynet.com: User comics has invalid GID -1 dovecot: Jul 01 11:50:59 Info: auth(default): passwd-file /etc/vmail/shadow.ambrynet.com: Read 0 users dovecot: Jul 01 11:50:59 Info: auth(default): passwd-file(pat@ambrynet.com,24.63.194.47): unknown user dovecot: Jul 01 11:51:00 Info: auth(default): client out: FAIL 13 user=pat@ambrynet.com dovecot: Jul 01 11:51:01 Info: auth(default): client in: AUTH 5 PLAIN service=POP3 lip=69.50.231.8 rip=82.35.77.65 resp=AHBhdWxhQGljb21tb25zLm9yZwBkZWl0eTE= dovecot: Jul 01 11:51:01 Info: auth(default): pam(paula@icommons.org,82.35.77.65): pam_authenticate() failed: Authentication failure dovecot: Jul 01 11:51:01 Error: auth(default): passwd-file /etc/vmail/shadow.icommons.org: User paula has invalid GID -1 dovecot: Jul 01 11:51:01 Error: auth(default): passwd-file /etc/vmail/shadow.icommons.org: User counsel has invalid GID -1 dovecot: Jul 01 11:51:01 Error: auth(default): passwd-file /etc/vmail/shadow.icommons.org: User mia has invalid GID -1 dovecot: Jul 01 11:51:01 Error: auth(default): passwd-file /etc/vmail/shadow.icommons.org: User info has invalid GID -1 dovecot: Jul 01 11:51:01 Error: auth(default): passwd-file /etc/vmail/shadow.icommons.org: User heather has invalid GID -1 dovecot: Jul 01 11:51:01 Error: auth(default): passwd-file /etc/vmail/shadow.icommons.org: User daniela has invalid GID -1 dovecot: Jul 01 11:51:01 Error: auth(default): passwd-file /etc/vmail/shadow.icommons.org: User registration has invalid GID -1 dovecot: Jul 01 11:51:01 Error: auth(default): passwd-file /etc/vmail/shadow.icommons.org: User keller has invalid GID -1 dovecot: Jul 01 11:51:01 Error: auth(default): passwd-file /etc/vmail/shadow.icommons.org: User pete has invalid GID -1 dovecot: Jul 01 11:51:01 Info: auth(default): passwd-file /etc/vmail/shadow.icommons.org: Read 0 users dovecot: Jul 01 11:51:01 Info: auth(default): passwd-file(paula@icommons.org,82.35.77.65): unknown user dovecot: Jul 01 11:51:02 Info: auth(default): client out: FAIL 5 user=paula@icommons.org dovecot: Jul 01 11:51:02 Info: pop3-login: Aborted login: user=<paula@icommons.org>, method=PLAIN, rip=82.35.77.65, lip=69.50.231.8
On Sat, 2006-07-01 at 11:57 -0700, Marc Perkel wrote:
OK - I just tried it again and here's what I got. Switching back to beta 9 fixes it so whatever you changed it started in rc1.
dovecot: Jul 01 11:50:59 Error: auth(default): passwd-file /etc/vmail/shadow.ambrynet.com: User pat has invalid GID -1
Well, I guess it's these. -1 really is invalid and I think it practically means that the process would get root's GID, which really isn't a good idea.
I'll add some extra checks to make sure this can't be done with other userdbs either..
On Sat, 2006-07-01 at 22:21 +0300, Timo Sirainen wrote:
On Sat, 2006-07-01 at 11:57 -0700, Marc Perkel wrote:
OK - I just tried it again and here's what I got. Switching back to beta 9 fixes it so whatever you changed it started in rc1.
dovecot: Jul 01 11:50:59 Error: auth(default): passwd-file /etc/vmail/shadow.ambrynet.com: User pat has invalid GID -1
Well, I guess it's these. -1 really is invalid and I think it practically means that the process would get root's GID, which really isn't a good idea.
I'll add some extra checks to make sure this can't be done with other userdbs either..
Hmm. Actually with me it gives this:
dovecot: Jul 01 22:36:11 Fatal: setegid(4294967295) failed: Invalid argument
Also looking more closely your log it looks like you're not using those files as userdb either. So, fixed:
Timo Sirainen wrote:
On Sat, 2006-07-01 at 11:57 -0700, Marc Perkel wrote:
OK - I just tried it again and here's what I got. Switching back to beta 9 fixes it so whatever you changed it started in rc1.
dovecot: Jul 01 11:50:59 Error: auth(default): passwd-file /etc/vmail/shadow.ambrynet.com: User pat has invalid GID -1
Well, I guess it's these. -1 really is invalid and I think it practically means that the process would get root's GID, which really isn't a good idea.
I'll add some extra checks to make sure this can't be done with other userdbs either..
Here's what a passwd file looks like:
marc:x:40000:12:Marc Perkel:/vhome/perkel.com/home/marc:/bin/false test:x:40001:12::/vhome/perkel.com/home/test:/bin/false dd:x:40002:12:Atia:/vhome/perkel.com/home/dd:/bin/false
In case the user numbers are messing things up.
BTW, thanks for looking into this.
participants (3)
-
Dumitru Negara
-
Marc Perkel
-
Timo Sirainen