[Dovecot] passdb pam and userdb passwd "Authentication failure" errors
While using Ubuntu 10.10 + Dovecot 1.2.12 + Postfix 2.7.1-1:
To enable virtual accounts, I am using the following /etc/dovecot/auth.d/virtualsomename.auth file:

    passdb passwd-file {
      args = /etc/dovecot/passwd
    }
    userdb static {
      args = uid=vmail gid=vmail home=/home/vmail/%u
    }
    EOT

cat /etc/dovecot/passwd looks like this:

    test:{PLAIN}pass
    bill:{PLAIN}secret
    timo@example.com:{PLAIN}hello123
    dave@example.com:{PLAIN}world234

Issuing a 'sudo dovecot -n' shows:

    .../...
    auth default:
      verbose: yes
      debug: yes
      debug_passwords: yes
      passdb:
        driver: pam
      passdb:
        driver: passwd-file
        args: /etc/dovecot/passwd
      userdb:
        driver: passwd
      userdb:
        driver: static
        args: uid=vmail gid=vmail home=/home/vmail/%u
    .../...
and while trying to connect to Dovecot as dave@example.com the log shows:

    2010-12-04 18:15:58 auth(default): Info: new auth connection: pid=15334
    2010-12-04 18:15:58 auth(default): Info: client in: AUTH 1 PLAIN service=smtp nologin lip=127.0.1.1 rip=127.0.1.1 resp=AGRhdmVAZXhhbXBsZS5jb20Ad29ybGQyMzQ=
    2010-12-04 18:15:58 auth-worker(default): Info: pam(dave@example.com,127.0.1.1): lookup service=dovecot
    2010-12-04 18:15:58 auth-worker(default): Info: pam(dave@example.com,127.0.1.1): #1/1 style=1 msg=Password:
    2010-12-04 18:16:00 auth-worker(default): Info: pam(dave@example.com,127.0.1.1): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: world234)
    2010-12-04 18:16:00 auth(default): Info: passwd-file(dave@example.com,127.0.1.1): lookup: user=dave@example.com file=/etc/dovecot/passwd
    2010-12-04 18:16:00 auth(default): Info: client out: OK 1 user=dave@example.com

I have 2 questions:
QUESTION 1: To avoid those Authentication failure errors should I also comment out the passdb pam {...} and userdb passwd {...} blocks in the main /etc/dovecot/dovecot.conf? I was thinking of something like:

    sudo sed -i '/passdb pam {/,/}/s/^/#/' /etc/dovecot/dovecot.conf
    sudo sed -i '/userdb passwd {/,/}/s/^/#/' /etc/dovecot/dovecot.conf

QUESTION 2: the final email arrives with an email header that includes:

    Received: from desk.example.com (unknown [127.0.1.1])
        (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
        (No client certificate requested)
        by mail.example.com (Postfix) with ESMTPSA id F24707FE6D
        for example@example.com; Sat, 4 Dec 2010 18:16:00 +0000 (WET)

Does this mean that I have SSL/TLS properly configured? The "No client certificate requested" is supposed to be there?
Thank you.
M.
On Saturday 04 December 2010 21:45:34 Mark Alan wrote:
> QUESTION 2: the final email arrives with an email header that includes:
>
>     Received: from desk.example.com (unknown [127.0.1.1])
>         (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
>         (No client certificate requested)
>         by mail.example.com (Postfix) with ESMTPSA id F24707FE6D
>         for example@example.com; Sat, 4 Dec 2010 18:16:00 +0000 (WET)
>
> Does this mean that I have SSL/TLS properly configured? The "No client certificate requested" is supposed to be there?
Can't really help you with your first question, however this second question pertains to Postfix and not Dovecot. But yes, from the looks of this header it seems TLS is configured correctly, and yes, "no client certificate requested" should be here. Unless of course you think you have Postfix configured to require client certificate verification. I advise you to have a look at the Postfix TLS documentation at http://www.postfix.org/TLS_README.html.
HTH
Andreas
On Sat, 4 Dec 2010 22:51:06 +0100, Andreas Ntaflos daff@dword.org wrote:
> Can't really help you with your first question, however this second question pertains to Postfix and not Dovecot. But yes, from the looks of this header it seems TLS is configured correctly, and yes, "no client certificate requested" should be here.
Thank you.
M.
On Sat, 2010-12-04 at 20:45 +0000, Mark Alan wrote:
>   passdb:
>     driver: pam
>   passdb:
>     driver: passwd-file
>     args: /etc/dovecot/passwd
>   userdb:
>     driver: passwd
>   userdb:
>     driver: static
>     args: uid=vmail gid=vmail home=/home/vmail/%u
> .../...
>
> QUESTION 1: To avoid those Authentication failure errors should I also comment out the passdb pam {...} and userdb passwd {...} blocks in the main /etc/dovecot/dovecot.conf?
Yes.
> I was thinking of something like:
>
>     sudo sed -i '/passdb pam {/,/}/s/^/#/' /etc/dovecot/dovecot.conf
>     sudo sed -i '/userdb passwd {/,/}/s/^/#/' /etc/dovecot/dovecot.conf
No idea if that works.
> QUESTION 2: the final email arrives with an email header that includes:
>
>     Received: from desk.example.com (unknown [127.0.1.1])
>         (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
>         (No client certificate requested)
>         by mail.example.com (Postfix) with ESMTPSA id F24707FE6D
>         for example@example.com; Sat, 4 Dec 2010 18:16:00 +0000 (WET)
>
> Does this mean that I have SSL/TLS properly configured? The "No client certificate requested" is supposed to be there?
Not a Dovecot question, so I don't know. But my guess is that it means client connected using TLS, but server didn't require a client to send a client-side certificate. Very few people use client certs, so I don't know why that would be explicitly mentioned there.
On Tue, 07 Dec 2010 23:41:24 +0000, Timo Sirainen tss@iki.fi wrote:
> > QUESTION 1: To avoid those Authentication failure errors should I also comment out the passdb pam {...} and userdb passwd {...} blocks in the main /etc/dovecot/dovecot.conf?
>
> Yes.
>
> > I was thinking of something like:
> >
> >     sudo sed -i '/passdb pam {/,/}/s/^/#/' /etc/dovecot/dovecot.conf
> >     sudo sed -i '/userdb passwd {/,/}/s/^/#/' /etc/dovecot/dovecot.conf
>
> No idea if that works.
Did that. It works. No more errors in the logs.
Thank you.
M.
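
Added example (not part of the thread, and not Dovecot's or the poster's own code): a more defensive way to apply the sed range edit discussed above. The range in the thread ends at the first line containing "}" anywhere, including inside a comment, and it prepends another "#" on every run; this version anchors both patterns, edits a copy, and checks brace balance before anything is installed. The sample config and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample modeled on a Dovecot 1.2 "auth default" section
# (not the poster's real dovecot.conf). The comment line deliberately
# contains braces to exercise the edge case.
sample_conf() {
cat <<'EOF'
auth default {
  mechanisms = plain login
  passdb pam {
    # example comment with a brace: args = {dovecot}
  }
  userdb passwd {
  }
}
EOF
}

# Comment out one block. $1 = file, $2 = header such as "passdb pam".
# The header must be uncommented (so a second run is a no-op) and the range
# ends at the first line that *starts* with "}", not at any line containing one.
comment_block() {
    tmp="$1.tmp"
    sed "/^[[:space:]]*$2 {/,/^[[:space:]]*}/s/^/#/" "$1" > "$tmp" && mv "$tmp" "$1"
}

# Sanity check: among uncommented lines, "{" and "}" counts must match.
braces_balanced() {
    active=$(grep -v '^[[:space:]]*#' "$1")
    open=$(printf '%s' "$active" | tr -cd '{' | wc -c)
    close=$(printf '%s' "$active" | tr -cd '}' | wc -c)
    [ "$open" -eq "$close" ]
}

# Edit a copy, verify it, and print the path of the copy for review.
disable_system_auth() {   # $1 = original config (left untouched)
    work=$(mktemp) || return 1
    cp "$1" "$work"
    comment_block "$work" "passdb pam"
    comment_block "$work" "userdb passwd"
    braces_balanced "$work" || { echo "unbalanced braces, not installing" >&2; return 1; }
    echo "$work"
}

# Demo on the constructed sample: show exactly which lines would change.
orig=$(mktemp); sample_conf > "$orig"
new=$(disable_system_auth "$orig") && diff "$orig" "$new" || true
```

Once the reviewed copy is installed, 'sudo dovecot -n' (as used in the thread) should no longer list the pam and passwd drivers.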
participants (3)
- Andreas Ntaflos
- Mark Alan
- Timo Sirainen