[Dovecot] passwd authentication issues (ATTN: Petar)

Bruce Lane kyrrin at bluefeathertech.com
Wed Jul 12 07:00:53 EEST 2006 

Hi, Petar,

	For whatever reason, I didn't see your most recent reply until I checked the web archives.

	To answer your questions...

	Is my dovecot running chrooted? Not that I know of. However, the option to (apparently) decide this is confusing at best. Here is what I have entered.

# chroot login process to the login_dir. Only reason not to do this is if you
# wish to run the whole Dovecot without roots.
# http://wiki.dovecot.org/Rootless
login_chroot = yes

	Now, my guts tell me that this WILL make it run chrooted. However, reading the material at this link...

http://wiki.dovecot.org/Rootless

	...says otherwise, and that setting this to 'no' would be making it run chrooted.

	For reference, this is the process line from ps -aux|grep dovecot

root     3182  0.0  1.4  256   876 ?     Ss   Sun08PM 10:10.06 /usr/local/sbin/dovecot

	Also, something else just turned up in the process list that I'm not sure I understand. Specifically...

root     1817  0.0  1.6  324  1056 ?     S     8:53PM  0:00.19 dovecot-auth 
dovecot  2191  0.0  3.0  256  1940 ?     S     8:53PM  0:00.97 imap-login 
root     3182  0.0  1.4  256   876 ?     Ss   Sun08PM 10:11.78 /usr/local/sbin/dovecot 
dovecot  6333  0.0  3.0  256  1940 ?     S     8:53PM  0:00.93 imap-login 
dovecot  8133  0.0  3.0  256  1940 ?     S     8:53PM  0:00.97 imap-login 
dovecot  8397  0.0  3.0  256  1940 ?     S     8:53PM  0:00.96 imap-login 
dovecot 16144  0.0  3.0  256  1940 ?     S     8:53PM  0:00.92 imap-login 

	This has me deeply confused. I'm not running IMAP, I'm not interested in running IMAP, I don't want anything to do with IMAP. However, there's five processes for imap-login. What gives?

	On to your second question: Are /etc/pwd.db and /etc/spwd.db available? Yes, both are listed in the directory of /etc as follows.

-rw-r--r--  1 root  wheel  40960 Jul  9 09:56 /etc/pwd.db
-rw-------  1 root  wheel  40960 Jul  9 09:56 /etc/spwd.db
featherweb: {41}

	How "available" this makes them (I don't know what context you were asking in), I'm not sure. Just for giggles, I tried chaning the permissions on spwd.db so that it was world-readable. Doing so had no effect. I still get password failure errors when I try to authenticate a pop3s connection from the client program.

	One other question: Pegasus (the mail client) has two options for secure POP connections besides apop (which I've shelved for the moment): STLS and direct SSL connection. I've got it set to direct SSL at the moment. Does this sound right?

	Looking forward to the next set of replies.

	Thanks much.


-=-=-=-=-=-=-=-=-=-=-=-
Bruce Lane, Owner & Head Hardware Heavy,
Blue Feather Technologies -- http://www.bluefeathertech.com
kyrrin (at) bluefeathertech do/t c=o=m
"If Salvador Dali had owned a computer, would it have been equipped with surreal ports?"

More information about the dovecot mailing list