[Dovecot] Problem with checkpassword-reply
Hello
I posted an earlier post on problems with getting usernames. That one is solved, thank you.
I'm currently having trouble executing checkpassword-reply. The maillog shows the following error: (substituting rip/lip/user/domain)

    May 27 07:21:06 saw dovecot: Logins with UID 0 not permitted (user user@domain.com>
    May 27 07:21:06 saw dovecot: imap-login: Internal login failure: user=<user@domain.com>, method=plain, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS
My script reads fd3 right and gets all the details correct. Then runs the following code:

    $REPLY = $ARGV[0] || exit 111; # this is actually run much earlier
    $ENV{HOME} = "$USERSHOME/$domain/$user";
    $ENV{USER} = $user;
    # effective gid
    $) = 300;
    # effective uid
    $> = 300;
    exec $REPLY;

I've looked at the checkpassword-reply code (thank god for open source software) and I saw that it opens fd4 for writing. I couldn't find any documentation about this and couldn't find anyone who is using checkpassword-reply. No sample scripts, no examples, and the documentation on the site is extremely scarce. The wiki docs indicate I should just execute it - which I do - but that does not help. Also, the debugging isn't very meaningful. I'm definitely changing the UID and GID, but it's not apparent in the maillog. The file permissions on checkpassword-reply show I could execute it under any user and I've tried that with "sudo -u <user> /path/to/checkpassword-reply".
On a post somewhere in the vortex of the internet someone said Dovecot does not allow any uid/gid under 99 (which is why I tried 300), but I couldn't find any documentation for that anywhere in the wiki either.
What am I missing and is there anything I've missed that would have prevented me from emailing the mailing list with this long email?
Thanks, Sawyer.
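
Added example, not part of the original post and not Dovecot's code: in Perl, assigning to `$>` and `$)` changes only the effective IDs, so a script started as root keeps real UID 0 across exec. The sketch below drops real and effective IDs together and verifies the result before exec'ing a helper. That the helper reports the real UID is an assumption; 300 is the value from the post, and the helper path taken from the command line is hypothetical.

```perl
#!/usr/bin/perl
# Added illustration: drop real AND effective IDs, verify, then exec.
use strict;
use warnings;
use POSIX ();
use English qw(-no_match_vars);   # $UID/$EUID/$GID/$EGID for $< $> $( $)

# Current real/effective IDs. $GID and $EGID are space-separated lists
# whose first element is the ID itself.
sub current_ids {
    return (
        ruid => $UID,
        euid => $EUID,
        rgid => (split ' ', $GID)[0],
        egid => (split ' ', $EGID)[0],
    );
}

# Permanently switch to $uid/$gid. Groups go first: once the UID is no
# longer 0 the process may not change its groups any more.
sub drop_privileges {
    my ($uid, $gid) = @_;
    $EGID = "$gid $gid";                                # egid + supplementary groups
    POSIX::setgid($gid) or die "setgid($gid): $!\n";    # real gid as well
    POSIX::setuid($uid) or die "setuid($uid): $!\n";    # real, effective, saved uid

    my %id = current_ids();
    die "uid drop incomplete\n" unless $id{ruid} == $uid && $id{euid} == $uid;
    die "gid drop incomplete\n" unless $id{rgid} == $gid && $id{egid} == $gid;
    # A complete drop cannot be undone, so this call must fail.
    die "root is still reachable\n" if POSIX::setuid(0);
    return 1;
}

my %before = current_ids();
printf "before: ruid=%d euid=%d rgid=%d egid=%d\n",
    @before{qw(ruid euid rgid egid)};

if ($before{euid} != 0) {
    print "not running as root, nothing to drop\n";
    exit 0;
}

drop_privileges(300, 300);        # uid/gid value used in the post
my %after = current_ids();
printf "after:  ruid=%d euid=%d rgid=%d egid=%d\n",
    @after{qw(ruid euid rgid egid)};

# Hypothetical usage: helper path (and arguments) given on the command line.
exec(@ARGV) or die "exec failed: $!\n" if @ARGV;
```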