[Dovecot] Improvements to "Authentication failed" error

Patrick Ben Koetter p at state-of-mind.de
Mon Oct 6 10:28:48 EEST 2008


* Timo Sirainen <dovecot at dovecot.org>:
> Probably one of the most commonly asked questions is "Why does Dovecot
> just say authentication failed"? It would be nice to be able to get rid
> of these questions by having Dovecot itself point out the
> http://wiki.dovecot.org/WhyDoesItNotWork link. But how to do this? There
> are two groups of people here:
> 
> 1) People who look at logs after seeing the "Authentication failed" from
> a client/telnet session.
> 
> 2) People who don't even think about looking at logs.
> 
> I'm thinking that the group 1 could be handled by having Dovecot log the
> link once as informational message if the first authentication attempt
> fails and it's from localhost. This shouldn't cause problems I think.
> 
> Group 2 is more difficult though, and I fear they're also the ones
> asking this question more often than group 1.. I think the only solution
> would be to change the IMAP/POP3 error message for them. So instead of:
> 
> NO Authentication failed.


I don't agree. To me the problem is a role conflict (user vs. sysadm) and a
failure to follow standard sysadm procedures.

The "NO Authentication failed." message is a message sent to the user. It's
meant to be simple and the message we are talking about says exactly what
happened. All the options you are thinking of are making it more complicated
and this would irritate any user (role).

I would not send a mixture of user and sysadm notes in the failure message.
Pointing people to the log points to a starting point only, but it's not a
debugging procedure. I don't think this will solve the problem. People will
have a look at the log and then they will show up on the list and yell
"Authentication failed and I took a look at the log, but it didn't tell what's
wrong."

Instead I'd leave the message as simple as it is and - if you haven't done so
yet - I would prepare documentation that describes debugging procedures and I
would send that link to anybody who refuses to show up prepared. This gives
them what they need: Instructions to debug authentication problems.


p at rick


-- 
state of mind
Agency for Communication, Design and Software Development

Patrick Koetter            Tel: 089 45227227
Echinger Strasse 3         Fax: 089 45227226
85386 Eching               Web: http://www.state-of-mind.de

Amtsgericht München        Partnerschaftsregister PR 563

