Hi all,
Ok, just need a quick-n-dirty way to enable a master user for a migration...
Reading the docs, I'm not sure what the bare minimum is I need to do this...
At: http://wiki2.dovecot.org/Authentication/MasterUsers
The Example config shows:
auth_master_user_separator = *
passdb {
  driver = passwd-file
  args = /etc/dovecot/passwd.masterusers
  master = yes
  pass = yes
}
passdb {
  driver = shadow
}
userdb {
  driver = passwd
}
But, if I'm using a non-real user (just need a master user that can log in as all other users for the migration), do I need all three of these? Or just the first two? Or, just the first one?
I think I need the first two and not the last one, but am unsure. This is on a production system so don't want to break things, and I'm unfamiliar with using multiple passdb's...
Thanks,
Charles
Hello Charles,
the bare minimum is just the first passdb entry

auth_master_user_separator = *
passdb {
  driver = passwd-file
  args = /etc/dovecot/passwd.masterusers
  master = yes
  pass = yes
}
this will do the trick.
greetings
dominik
On 5/29/2015 9:25 AM, Dominik Breu <dominik@dominikbreu.de> wrote:
Hello Charles,
the bare minimum is just the first passdb entry

auth_master_user_separator = *
passdb {
  driver = passwd-file
  args = /etc/dovecot/passwd.masterusers
  master = yes
  pass = yes
}
this will do the trick.
Thanks... so, just checking, was it normal to see a whole bunch of these errors for a few seconds after reloading the dovecot config:
Error: Auth worker sees different passdbs/userdbs than auth server. Maybe config just changed and this goes away automatically?
?
As the error shows, they did go away by themselves after about 10+ seconds...
Thanks again!
Charles
Ok, this isn't working, I'm getting auth failed when testing either with telnet or doing it in Thunderbird.
I tried both using the htpasswd method for generating the password in the passwd file, and when that failed, I also tried just putting the password in the file in plain text...
So... what am I missing/doing wrong?
Thanks,
Charles
Apologies - maybe doveconf -n shows a hint at the problem?
Maybe it has to do with I'm using the default_realm? But I've tried adding the user as both the local part, and with the fqdn...
# doveconf -n
# 2.2.15: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.6 (3e924b1b6c5c+)
# OS: Linux 3.10.41-gentoo-r1 x86_64 Gentoo Base System release 2.2
auth_default_realm = media-brokers.com
auth_master_user_separator = *
auth_mechanisms = plain login
deliver_log_format = msgid=%m: subject=%s: %$
first_valid_uid = 200
last_valid_uid = 200
listen = *
login_log_format_elements = user=<%u> method=%m %c rip=%r lport=%{lport}
mail_attachment_dir = /var/vmail/%d/attachments
mail_gid = vmail
mail_location = maildir:~/Maildir
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox "Deleted Items" {
    special_use = \Trash
  }
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox "Junk E-mail" {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = .
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
passdb {
  args = /etc/dovecot/passwd.masterusers
  driver = passwd-file
  master = yes
  pass = yes
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap lmtp
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  service_count = 0
}
service imap {
  process_limit = 2048
}
ssl = required
ssl_cert = </etc/ssl/mbiCerts/RapidSSL/mail_mbi.crt
ssl_key = </etc/ssl/mbiCerts/RapidSSL/mail_mbi.key
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol smtp {
  auth_verbose = yes
}
protocol lda {
  auth_verbose = yes
  mail_plugins = sieve
}
protocol imap {
  mail_max_userip_connections = 20
}
Charles
hello,
in which way do you log in?
loginuser*masteruser or just masteruser?
You have to do the login with loginuser*masteruser masterpass
greetings
dominik
On 5/29/2015 10:58 AM, Dominik Breu <dominik@dominikbreu.de> wrote:
hello,
in which way do you log in?
loginuser*masteruser or just masteruser?
You have to do the login with loginuser*masteruser masterpass
Thanks dominik, but I figured out what I did wrong...
I changed the password using htpasswd again, but neglected to use the -s switch to tell it to use SHA1 encryption method (finally noticed the $apr1$ at the beginning of the encrypted passwd in the file)...
Changing the passwd again using the -s switch now it works...
:)
Thanks again!
Charles
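Added example, not part of the original thread or of Dovecot: a small Python audit of a master-user passwd-file that names the format of each password field, so the $apr1$ versus htpasswd -s difference Charles describes is visible before testing a login. The sample file contents, the user names and the helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac

SEPARATOR = "*"  # auth_master_user_separator value shown in the thread

# Constructed sample file: "migrate" is hashed as `htpasswd -s` would write it
# (password "password"); "legacy" carries a made-up, non-functional $apr1$ value.
SAMPLE = """\
# master users
migrate:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
legacy:$apr1$CONSTRCT$notARealHashJustAnExample0
"""

def classify(field):
    """Name the format of a passwd-file password field from its prefix."""
    if field.startswith("$apr1$"):
        return "apr1-md5"   # htpasswd default; the format that failed in the thread
    if field.startswith("{SHA}"):
        return "sha1"       # htpasswd -s; the format that worked in the thread
    if field.startswith("{") and "}" in field:
        return "scheme:" + field[1:field.index("}")]
    return "crypt-style" if field.startswith("$") else "no-prefix"

def audit(passwd_text):
    """Map each user in a passwd-file to the format of its password field."""
    found = {}
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, rest = line.partition(":")
        found[user] = classify(rest.split(":", 1)[0])
    return found

def check_sha(field, password):
    """Verify a {SHA} field: base64 of the unsalted SHA-1 digest of the password."""
    digest = base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()
    return field.startswith("{SHA}") and hmac.compare_digest(field[5:], digest)

def master_login(target_user, master_user):
    """Login name for a master-user session: loginuser*masteruser."""
    return f"{target_user}{SEPARATOR}{master_user}"

if __name__ == "__main__":
    for user, fmt in audit(SAMPLE).items():
        print(user, fmt)
    print(master_login("alice@example.com", "migrate"))
```

Dovecot's own `doveadm pw -s <scheme>` prints a hash with an explicit `{SCHEME}` prefix, which avoids depending on htpasswd's default format.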
participants (2): Charles Marcus, Dominik Breu