execute: /user/bin/checkpassword /user/libexec/dovecot/checkpassword-reply
Hi,
I have recently moved a dovecot installation from 2.2.36 on RHEL7.9 onto 2.3.20 on Amazon Linux 2023 and I'm now seeing the error message in the title relating to /usr/bin/checkpassword (which doesn't exist on either). This is a project that I've inherited, and I've never used dovecot previously. I've been searching around for a couple of days trying to figure this out. Running out of ideas.
Here's a slightly redacted snippet from dovecot.log
Jan 04 17:23:22 auth: Debug: checkpassword(redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): Performing passdb lookup
Jan 04 17:23:22 auth: Debug: checkpassword(redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): execute: /usr/bin/checkpassword /usr/libexec/dovecot/checkpassword-reply
Jan 04 17:23:22 auth: Fatal: execv(/usr/bin/checkpassword) failed: No such file or directory
Jan 04 17:23:22 auth: Debug: checkpassword(redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): Received input:
Jan 04 17:23:22 auth: Debug: checkpassword(redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): exit_status=84
Jan 04 17:23:22 auth: Error: checkpassword(redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): Child 106455 exited with status 84
Jan 04 17:23:22 auth: Debug: checkpassword(redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): Finished passdb lookup
Jan 04 17:23:22 auth: Debug: auth(redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): Auth request finished
Jan 04 17:23:24 auth: Debug: client passdb out: FAIL 1 user=redacted@redacted.redacted.local code=temp_fail
Jan 04 17:23:24 imap-login: Info: Disconnected: Connection closed (auth service reported temporary failure): user=redacted@redacted.redacted.local, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<6uwL/SEOzpt/AAAB>
Jan 04 17:23:24 auth: Debug: auth client connected (pid=106456)
Jan 04 17:23:24 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=R5kq/SEO0Jt/AAAB lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=39888
As part of the build process we overwrite the config files with ones which are presumably from a previous version.
In particular there's an auth.conf file which contains :-
!include auth-checkpassword.conf.ext
and in turn that file contains the stanza :-
passdb {
driver = checkpassword
args = /usr/bin/checkpassword}
which is where I guess the problem lies.
The thing is the config files are almost identical on both systems.
Here's the dovecot -n output...
[root@server dovecot]# dovecot -n
# 2.3.20 (xyz675d): /etc/dovecot/dovecot.conf
# OS: Linux 6.1.61-85.141.amzn2023.x86_64 x86_64 ext4
# Hostname: server...1a97d
auth_debug = yes
auth_verbose = yes
disable_plaintext_auth = no
first_valid_gid = 0
first_valid_uid = 0
listen = *
log_path = /var/project/log/dovecot/dovecot.log
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
mbox_write_locks = fcntl
passdb {
args = username_format=%u /etc/dovecot/users
driver = passwd-file
}
passdb {
args = /usr/bin/checkpassword
driver = checkpassword
}
protocols = imap
service auth {
unix_listener auth-userdb \{ group = postfix mode = 0600 user = postfix }
}
ssl_cert =
ssl_key = # hidden, use -P to show it
userdb {
args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
driver = static
}
userdb
{ driver = prefetch }
Hi,
I have recently moved a dovecot installation from 2.2.36 on RHEL7.9 onto 2.3.20 on Amazon Linux 2023 and I'm now seeing the error message in the title relating to /usr/bin/checkpassword (which doesn't exist on either). This is a project that I've inherited, and I've never used dovecot previously. I've been searching around for a couple of days trying to figure this out. Running out of ideas.
Here's a slightly redacted snippet from dovecot.log
Jan 04 17:23:22 auth: Debug: checkpassword (redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): Performing passdb lookup
Jan 04 17:23:22 auth: Debug: checkpassword (redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): execute: /usr/ bin/checkpassword /usr/libexec/dovecot/checkpassword-reply
Jan 04 17:23:22 auth: Fatal: execv(/usr/bin/checkpassword) failed: No such file or directory
Jan 04 17:23:22 auth: Debug: checkpassword (redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): Received input:
Jan 04 17:23:22 auth: Debug: checkpassword (redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): exit_status=84
Jan 04 17:23:22 auth: Error: checkpassword (redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): Child 106455 exited with status 84
Jan 04 17:23:22 auth: Debug: checkpassword (redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): Finished passdb lookup
Jan 04 17:23:22 auth: Debug: auth (redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): Auth request finished
Jan 04 17:23:24 auth: Debug: client passdb out: FAIL 1 user=redacted@redacted.redacted.local code=temp_fail
Jan 04 17:23:24 imap-login: Info: Disconnected: Connection closed (auth service reported temporary failure): user=redacted@redacted.redacted.local, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<6uwL/SEOzpt/AAAB>
Jan 04 17:23:24 auth: Debug: auth client connected (pid=106456)
Jan 04 17:23:24 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=R5kq/SEO0Jt/AAAB lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=39888
As part of the build process we overwrite the config files with ones which are presumably from a previous version.
In particular there's an auth.conf file which contains :-
!include auth-checkpassword.conf.ext
and in turn that file contains the stanza :-
passdb {
driver = checkpassword
args = /usr/bin/checkpassword
}
which is where I guess the problem lies.
The thing is the config files are almost identical on both systems.
Here's the dovecot -n output...
[root@server dovecot]# dovecot -n
# 2.3.20 (xyz675d): /etc/dovecot/dovecot.conf
# OS: Linux 6.1.61-85.141.amzn2023.x86_64 x86_64 ext4
# Hostname: server...1a97d
auth_debug = yes
auth_verbose = yes
disable_plaintext_auth = no
first_valid_gid = 0
first_valid_uid = 0
listen = *
log_path = /var/project/log/dovecot/dovecot.log
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
mbox_write_locks = fcntl
passdb {
args = username_format=%u /etc/dovecot/users
driver = passwd-file
}
passdb {
args = /usr/bin/checkpassword
driver = checkpassword
}
protocols = imap
service auth {
unix_listener auth-userdb \{ group = postfix mode = 0600 user = postfix }
}
ssl_cert =
ssl_key = # hidden, use -P to show it
userdb {
args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
driver = static
}
userdb
{ driver = prefetch }
On 09/01/2024 17:45 EET Steve Button steve.button@gmail.com wrote:
Hi,
I have recently moved a dovecot installation from 2.2.36 on RHEL7.9 onto 2.3.20 on Amazon Linux 2023 and I'm now seeing the error message in the title relating to /usr/bin/checkpassword (which doesn't exist on either). This is a project that I've inherited, and I've never used dovecot previously. I've been searching around for a couple of days trying to figure this out. Running out of ideas.
Hi!
Your checkpassword exists with code 84.
Jan 04 17:23:22 auth: Error: checkpassword(redacted@redacted.redacted.local,127.0.0.1,<6uwL/SEOzpt/AAAB>): Child 106455 exited with status 84
Maybe figure out why?
Aki
participants (2)
-
Aki Tuomi
-
Steve Button