[Dovecot] What auth ?
Hello people,
First of all a Happy New Year and best wishes to you all.
I've managed to set up dovecot v1.2.9 on a CentOS 5.4 system and I am now trying to make it auth.
I would prefer virtual users and only want to make the IMAP/IMAPS part work. I don't need POP3 or anything else. The rest will be handled by another SMTP/POP3 application.
Now, I almost managed to make dovecot auth a virtual user with his password. However, when it seems it has passed the auth stage (either via IMAP _or_ IMAPS), the command line kicks me out.
Here's roughly what I did :
1. Created /etc/dovecot/users and /etc/dovecot/passwd
2. filled in a couple of usernames/passwords encrypted in MD5 format
3. Ran dovecot from command line (service dovecot start [after I created the service of course])
4. telnetted to localhost via port 143 or 993 (with the help of openssl: "openssl s_client -connect the.system.name:993")
5. typed : . login username@fqdn <password>
Something worth noticing for step "5". If I do this logging-in with the "user@fqdn" format, the system kicks me out. I, then, check the latest on "/var/log/dovecot/errors" to find that the system does not complain about the auth. If I do the same logging-in but instead use "user@localhost" (and not the fqdn), the system fails the authentication stage and does _not_ drop me into the shell. Go figure !!
Anyway. My question, in essence, is this; Which type of auth should I use ?
The manuals (that I've been sinking my head for the last couple of weeks) suggest I should use PAM. PAM, I cannot understand. At the moment, I _think_ I am using MD5. Any pointers here ? I've been reading the /doc/wiki directory for quite some time until it made no sense to me anymore (too much info makes me lose perspective).
Any help would be greatly appreciated.
TIA,
spyros
On 1.1.2010, at 18.19, Spyros Tsiolis wrote:
> Something worth noticing for step "5". If I do this logging-in with the "user@fqdn" format, the system kicks me out. I, then, check the latest on "/var/log/dovecot/errors" to find that the system does not complain about the auth.
If it disconnects you immediately, it really should have logged an error. Are you sure the errors go to that log file? Verify like http://wiki.dovecot.org/Logging says. Also auth_debug=yes could be helpful.
Terve ! :-) Thank you kindly Timo. Ooops ! Missed "auth_debug". Just enabled it. I'll run some more tests and let you know.
I can attach the last error log lines. Here they are :
Jan 02 19:14:05 auth(default): Info: client in: CONT 3 AHBvc3RtYXN0ZXIAazR2djRkMTQ=
Jan 02 19:14:05 auth(default): Info: passwd-file(postmaster,127.0.0.1): lookup: user=postmaster file=/etc/dovecot/passwd
Jan 02 19:14:05 auth(default): Info: passwd-file(postmaster,127.0.0.1): unknown user
Jan 02 19:14:07 auth(default): Info: client out: FAIL 3 user=postmaster
Jan 02 19:14:22 imap-login: Info: Aborted login (auth failed, 3 attempts): user=<postmaster>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS
Jan 02 19:14:58 Info: Dovecot v1.2.9 starting up (core dumps disabled)
Jan 02 19:14:58 auth(default): Info: passwd-file /etc/dovecot/passwd: Read 2 users
Jan 02 19:14:58 auth(default): Info: passwd-file /etc/dovecot/users: Read 2 users
Jan 02 19:14:59 auth(default): Info: new auth connection: pid=3495
Jan 02 19:14:59 auth(default): Info: new auth connection: pid=3496
Jan 02 19:14:59 auth(default): Info: new auth connection: pid=3497
Jan 02 19:15:17 auth(default): Info: new auth connection: pid=3501
Jan 02 19:15:26 imap-login: Info: Authenticate PLAIN failed: Unsupported authentication mechanism.: method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Jan 02 19:18:26 imap-login: Info: Disconnected: Inactivity (tried to use unsupported auth mechanism): method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Jan 02 20:36:13 Info: Dovecot v1.2.9 starting up (core dumps disabled)
Jan 02 20:36:13 auth(default): Info: passwd-file /etc/dovecot/passwd: Read 2 users
Jan 02 20:36:13 auth(default): Info: passwd-file /etc/dovecot/users: Read 2 users
Jan 02 20:36:14 auth(default): Info: new auth connection: pid=3558
Jan 02 20:36:14 auth(default): Info: new auth connection: pid=3559
Jan 02 20:36:14 auth(default): Info: new auth connection: pid=3560
AFAIK, I disabled plain auth and enabled digest-md5. I don't know what else is relevant to this. If you need anything else, let me know.
Thank you for your reply.
Spyros
On 2.1.2010, at 13.47, Spyros Tsiolis wrote:
> Jan 02 19:14:05 auth(default): Info: passwd-file(postmaster,127.0.0.1): lookup: user=postmaster file=/etc/dovecot/passwd
> Jan 02 19:14:05 auth(default): Info: passwd-file(postmaster,127.0.0.1): unknown user
"postmaster" doesn't exist in /etc/dovecot/passwd file.
> Jan 02 19:15:26 imap-login: Info: Authenticate PLAIN failed: Unsupported authentication mechanism.: method=PLAIN, rip=127.0.
> ..
> AFAIK, I disabled plain auth and enabled digest-md5.
I guess you mean you set auth { mechanisms = digest-md5 }? Yeah, that'll cause plaintext auth attempts to fail and probably isn't what you wanted. http://wiki.dovecot.org/Authentication may be helpful.
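The two failures pointed out in the reply above (a user missing from the passwd-file, and a mechanisms list that excludes PLAIN) can be checked offline before touching the server. The sketch below is an added example, not part of the thread or of Dovecot's code; it also goes one step beyond the thread by flagging a stored password scheme that a challenge-response mechanism such as DIGEST-MD5 cannot use. The function names, the sample users and the simplified scheme table are assumptions made for illustration.

```python
# Added example (not from the thread): hypothetical helper names, constructed data.
# Challenge-response mechanisms need the stored password in one of these schemes;
# PLAIN/LOGIN can be verified against any stored scheme, hashed ones included.
NEEDS_SCHEME = {
    "digest-md5": {"PLAIN", "DIGEST-MD5"},
    "cram-md5": {"PLAIN", "CRAM-MD5"},
}
DEFAULT_SCHEME = "CRYPT"  # assumed when a password has no {SCHEME} prefix

# Constructed passwd-file content; the hash and password are placeholders.
SAMPLE_PASSWD = """\
# user:password[:uid:gid:gecos:home:shell:extra]
spyros@example.com:{MD5-CRYPT}$1$constructed$placeholderhash
info@example.com:{PLAIN}constructed-password
"""


def parse_passwd_file(text):
    """Map each username to the scheme its stored password uses."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user, password = fields[0], fields[1]
        scheme = DEFAULT_SCHEME
        if password.startswith("{") and "}" in password:
            scheme = password[1:password.index("}")].upper()
        users[user] = scheme
    return users


def diagnose(users, mechanisms, user, client_mech):
    """Predict where a login attempt stops, before any password is compared."""
    enabled = {m.lower() for m in mechanisms}
    mech = client_mech.lower()
    if mech not in enabled:
        return "unsupported mechanism"   # rejected before any user lookup
    if user not in users:
        return "unknown user"            # passwd-file lookup finds no entry
    allowed = NEEDS_SCHEME.get(mech)
    if allowed is not None and users[user] not in allowed:
        return "scheme mismatch"         # stored hash cannot answer the challenge
    return "ok"                          # configuration is consistent


if __name__ == "__main__":
    users = parse_passwd_file(SAMPLE_PASSWD)
    print(diagnose(users, ["digest-md5"], "postmaster", "PLAIN"))
    print(diagnose(users, ["digest-md5"], "spyros@example.com", "DIGEST-MD5"))
```

A result of "ok" only means the mechanism, user entry and stored scheme are compatible; the password itself is not verified.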
Hi again Timo,
Yep. Looks like you're right. After my post yesterday I changed something and now nothing works.
Looks like I'll have to dig a little deeper on the docs.
Thank you again,
s.
Participants (2): Spyros Tsiolis, Timo Sirainen