[Dovecot] authentication methods : pam, passwd and then backup question. How to restrict the methods

J4K junk4 at klunky.co.uk
Tue Jan 25 18:55:33 EET 2011 

On 01/25/2011 05:53 PM, Pascal Volk wrote:
> On 01/25/2011 05:50 PM J4K wrote:
>> Dear all,
>>
>>     I noticed that incoming users were attempting to authenicate using
>> several methods like pam sql. Eventually, they logged in.
>> Is there a way for dovecot to only query a mysql backup for users, and
>> skip the other methods?
>>
>> Examples from logs (via Roundcube webmail in this case, but the same
>> messages appear with port 993)
>>
>> Jan 25 17:22:17 srv dovecot: auth-worker(default):
>> pam(aa at bb.co.uk,127.0.0.1): pam_authenticate() failed: Authentication
>> failure (password mismatch?)
>> Jan 25 17:22:17 srv dovecot: auth(default):
>> passwd(aa at bb.co.uk,127.0.0.1): unknown user
>> Jan 25 17:22:17 srv dovecot: imap-login: Login: user=<aa at bb.co.uk>,
>> method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
>>
>> As shown above, the user uses pam, passwd and then finally the user
>> account fetched from mysql.
>>
>> The distribution is Debian Squeeze.
>>
> Configure only the userdb and passdb you want to use and remove all
> other. You forgot to show your `doveconf -n`/`dovecot -n` output.
>
>
> Regards,
> Pascal
Sorry.  Its below:

# dovecot -n
# 1.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-cgmemcap-smack x86_64 Debian 6.0 ext4
log_timestamp: %Y-%m-%d %H:%M:%S
listen: 127.0.0.1:3993
ssl_listen: *:993
ssl: required
ssl_ca_file: /etc/ssl/certs/startcomIntermediateCA.pem
ssl_cert_file: /etc/ssl/private/klunky.co.uk.ssl.crt
ssl_key_file: /etc/ssl/private/klunky.co.uk.nopassphase_ssl.key
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
login_max_processes_count: 256
valid_chroot_dirs: /var/vmail
first_valid_uid: 106
mail_privileged_group: mail
mail_location: maildir:/var/vmail/%d/%u/
maildir_very_dirty_syncs: yes
mbox_write_locks: fcntl dotlock
mail_plugins: quota
lda:
  log_path:
  auth_socket_path: /var/run/dovecot/auth-master
  postmaster_address: postmaster at example.com
  mail_plugins: sieve quota
  sieve_global_path: /var/vmail/globalsieverc
auth default:
  mechanisms: plain login
  verbose: yes
  passdb:
    driver: pam
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-mysql.conf
  userdb:
    driver: passwd
  userdb:
    driver: static
    args: uid=5000 gid=5000 home=/var/vmail/%d/%n allow_all_users=yes
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-mysql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
plugin:
  quota_rule: *:storage=262144:messages=20000
  quota_rule2: Trash:storage=282144:messages=23000
dict:
  quotadict: mysql:/etc/dovecot/dovecot-dict-quota.conf

More information about the dovecot mailing list