[Dovecot] Dovecot-auth stand alone
Since you have to have a SASL implementation with Postfix, either Cyrus or Dovecot, would it be feasible to have autoconf options to build only those parts required?
Currently I attempt to disable most things, except for LDAP which we want to use:
./configure --with-ldap --without-pop3d --without-passwd --without-passwd-file --without-shadow --without-pam --without-checkpassword --without-bsdauth --without-vpopmail --without-ssl --without-deliver --without-sql-drivers --with-storages=
That still compiles, and installs, imap. No way to stop that.
However, master process "dovecot" does not want to start with "protocols=" set to empty. This is somewhat understandable, but I really do not want any listening ports, just the Unix auth socket and dovecot-auth process. Bind localhost for now?
I take it I should run dovecot-auth as stand-alone, setting the AUTH_1 environment variable as well as a few others.
Lund
--
Jorgen Lundman | lundman@lundman.net
Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo | +81 (0)90-5578-8500 (cell)
Japan | +81 (0)3 -3375-1767 (home)
Jorgen Lundman wrote:
However, master process "dovecot" does not want to start with "protocols=" set to empty. This is somewhat understandable, but I really do not want any listening ports, just the Unix auth socket and dovecot-auth process. Bind localhost for now?
I think that should be "protocols=none" see http://www.dovecot.org/list/dovecot-news/2006-October/000016.html
Chris
--
Christopher Wakelin, c.d.wakelin@reading.ac.uk
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094
On 18.10.2006, at 9.55, Jorgen Lundman wrote:
Since you have to have a SASL implementation with Postfix, either Cyrus or Dovecot, would it be feasible to have autoconf options to build only those parts required?
Currently I attempt to disable most things, except for LDAP which we want to use:
./configure --with-ldap --without-pop3d --without-passwd --without-passwd-file --without-shadow --without-pam --without-checkpassword --without-bsdauth --without-vpopmail --without-ssl --without-deliver --without-sql-drivers --with-storages=
That still compiles, and installs, imap. No way to stop that.
Well, yea. It doesn't hurt that much though since you don't need to
use them. :) I'll make dovecot-auth a completely separate package at
some point also.
However, master process "dovecot" does not want to start with
"protocols=" set to empty. This is somewhat understandable, but I
really do not want any listening ports, just the Unix auth socket
and dovecot-auth process. Bind localhost for now?
protocols = none works.
Timo Sirainen wrote:
protocols = none works.
Damnit! I have been reading your code to figure out how to start it stand-alone!
# export USERDB_1_DRIVER=prefetch
# export PASSDB_1_DRIVER=ldap
# export PASSDB_1_ARGS=/usr/local/etc/dovecot-ldap.conf
# export MECHANISMS="plain login"
# export AUTH_1=/var/spool/postfix/private/auth
# export AUTH_1_MODE=0660
# /usr/local/libexec/dovecot/dovecot-auth
Oh well, I'll run "dovecot" master instead :)
Lund
--
Jorgen Lundman | lundman@lundman.net
Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo | +81 (0)90-5578-8500 (cell)
Japan | +81 (0)3 -3375-1767 (home)
Interesting side note. So I disabled everything I did not need, just ldap for now. Changed my configuration to have just:
passdb ldap {
  args = /usr/local/etc/dovecot-ldap.conf
}
userdb prefetch {
}

auth default_with_listener {
  mechanisms = plain login
  passdb ldap {
    args = /usr/local/etc/dovecot-ldap.conf
  }
  userdb prefetch {
  }
Note the "passdb" change from default.
I found when I did this, I could not authenticate:
535 5.7.0 Error: authentication failed: UGFzc3dvcmQ6
Oct 18 16:45:15 corpsmtp01 dovecot: [ID 107833 mail.info] auth(default_with_listener): ldap(lundman): Password mismatch
Oct 18 16:45:15 corpsmtp01 dovecot: [ID 107833 mail.info] auth(default_with_listener): ldap(lundman): crypt(MyPlainTextPass) != 'MyCryptPass'
It turns out, using "--without-pam" is no good, so I compiled it with "pam" support again, changed the listener section to:
auth default_with_listener {
  mechanisms = plain login
  passdb pam {
  }
  userdb prefetch {
  }
and suddenly it works again:
235 2.0.0 Authentication successful
Intentional?
Lund
On Wed, 2006-10-18 at 17:09 +0900, Jorgen Lundman wrote:
Oct 18 16:45:15 corpsmtp01 dovecot: [ID 107833 mail.info] auth(default_with_listener): ldap(lundman): Password mismatch
Oct 18 16:45:15 corpsmtp01 dovecot: [ID 107833 mail.info] auth(default_with_listener): ldap(lundman): crypt(MyPlainTextPass) != 'MyCryptPass'
I'd guess the password is in some other format than normal crypt. LDAP-MD5 or something? default_pass_scheme would change that.
participants (3): Chris Wakelin, Jorgen Lundman, Timo Sirainen
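
The last reply in the thread suggests the LDAP value is not a crypt hash and that default_pass_scheme should name its real format; that can be checked offline before changing the configuration. The following is an added example, not part of the thread and not Dovecot's own code: it tests a known password against a stored userPassword value under several encodings and reports which ones verify. The scheme labels follow Dovecot's password scheme names; the function names and the sample values are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import re

# DES crypt is 13 chars of [./0-9A-Za-z]; modular crypt looks like $id$salt$hash.
CRYPT_SHAPE = re.compile(r"^(\$[0-9a-z]+\$.+|[./0-9A-Za-z]{13})$")
TAG = re.compile(r"^\{([A-Za-z0-9-]+)\}")
# (scheme name, hash algorithm, salt appended after the digest?)
DIGEST_SCHEMES = [("LDAP-MD5", "md5", False), ("SMD5", "md5", True),
                  ("SHA", "sha1", False), ("SSHA", "sha1", True)]


def matching_schemes(plain, body):
    """Return the non-crypt schemes under which `plain` verifies against `body`."""
    pw = plain.encode()
    hits = []
    if hmac.compare_digest(pw, body.encode()):
        hits.append("PLAIN")
    if hmac.compare_digest(hashlib.md5(pw).hexdigest().encode(), body.lower().encode()):
        hits.append("PLAIN-MD5")
    try:
        raw = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return hits                      # not base64, so no LDAP-style digest
    for name, algo, salted in DIGEST_SCHEMES:
        size = hashlib.new(algo).digest_size
        if (len(raw) > size) if salted else (len(raw) == size):
            digest, salt = raw[:size], raw[size:]
            if hmac.compare_digest(hashlib.new(algo, pw + salt).digest(), digest):
                hits.append(name)
    return hits


def diagnose(plain, stored):
    """Summarise how a userPassword value would have to be interpreted."""
    tag = TAG.match(stored)
    body = stored[tag.end():] if tag else stored
    return {"tag": tag.group(1).upper() if tag else None,
            "crypt_shaped": bool(CRYPT_SHAPE.match(body)),
            "matches": matching_schemes(plain, body)}


# Constructed sample values for the password "secret" (not taken from the thread).
SAMPLE_LDAP_MD5 = base64.b64encode(hashlib.md5(b"secret").digest()).decode()
SAMPLE_SSHA = "{SSHA}" + base64.b64encode(
    hashlib.sha1(b"secret" + b"salt").digest() + b"salt").decode()

if __name__ == "__main__":
    for value in (SAMPLE_LDAP_MD5, SAMPLE_SSHA):
        print(value, diagnose("secret", value))
```

An untagged value that is not crypt-shaped but verifies as LDAP-MD5 is the situation in which a crypt comparison reports "Password mismatch" for a correct password.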