[Dovecot] Problem with client login in 1.2.17

John O'Brien john at whitesmiths.com
Wed Jul 27 15:22:18 EEST 2011


Hi,

I have been using CentOS 5.5 with Dovecot 1.0.7.
My client apps log in with TLS/SSL using a Postgres database for username and password authentication.
I developed a plugin that added an additional IMAP command.

I want to eventually migrate to release 2.0 but have decided to make this a two step process.
I have started with 1.2.17 as I hope this would be a smaller step along the way.

I have installed 1.2.17 from source and installed.
Rebuilt my plugin and installed and set about updating the dovecot.conf file.
Installing the SSL certificate etc.....

I have tested the 1.0.7 configuration previously using a standard IMAP mail client.

When I try with 1.2.17 I can't seem to get logged in.

==> /var/log/maillog <==
Jul 27 21:48:26 email dovecot: auth(default): client in: AUTH	1	PLAIN	service=imap	secured	lip=192.168.1.10	rip=202.81.69.135	lport=10143	rport=58641	resp=ADYxNDE0NjI3NDM2AFExcjQwNHVD
Jul 27 21:48:26 email dovecot: auth-worker(default): pam(john,202.81.69.135): lookup service=dovecot
Jul 27 21:48:26 email dovecot: auth-worker(default): pam(john,202.81.69.135): #1/1 style=1 msg=Password: 
Jul 27 21:48:28 email dovecot: auth-worker(default): pam(john,202.81.69.135): unknown user
Jul 27 21:48:28 email dovecot: auth(default): sql(john,202.81.69.135): query: SELECT password FROM ivms_iphone WHERE username='john'
Jul 27 21:48:28 email dovecot: auth(default): client out: OK	1	user=john
Jul 27 21:48:28 email dovecot: auth(default): master in: REQUEST	2	28178	1
Jul 27 21:48:28 email dovecot: auth(default): passwd(john,202.81.69.135): lookup
Jul 27 21:48:28 email dovecot: auth(default): passwd(john,202.81.69.135): unknown user
Jul 27 21:48:28 email dovecot: auth(default): sql(john,202.81.69.135): SELECT home, uid, gid FROM users WHERE username='john'
Jul 27 21:48:28 email dovecot: auth(default): master out: USER	2	john	home=/var/imap_mail/john	uid=50gid=500
Jul 27 21:48:28 email dovecot: IMAP(john): Loading modules from directory: /usr/local/lib/dovecot/imap/
Jul 27 21:48:28 email dovecot: IMAP(john): Module loaded: /usr/local/lib/dovecot/imap//lib20_mail_log_plugin.so
Jul 27 21:48:28 email dovecot: IMAP(john): Module loaded: /usr/local/lib/dovecot/imap//change_passwd_plugin.so
Jul 27 21:48:28 email dovecot: IMAP(john): Effective uid=500, gid=500, home=/var/imap_mail/john
Jul 27 21:48:28 email dovecot: IMAP(john): maildir: data=john
Jul 27 21:48:28 email dovecot: IMAP(john): maildir++: root=john, index=, control=, inbox=john
Jul 27 21:48:28 email dovecot: imap-login: Login: user=<john>, method=PLAIN, rip=202.81.69.135, lip=192.168.1.10, TLS
Jul 27 21:48:28 email dovecot: IMAP(john): Namespace : Using permissions from john: mode=0700 gid=-1


==> /var/log/secure <==
Jul 27 21:48:26 email dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
Jul 27 21:48:26 email dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=john rhost=202.81.69.135 
Jul 27 21:48:26 email dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user john

I have the following in the .conf file

auth_verbose=yes
auth_debug=yes
auth_debug_passwords=yes
mail_debug=yes
verbose_ssl=yes

Also note the following differences in behaviour between Dovecot 1.0.7 and 1.2.17

$ telnet new_system_1.2.17 10143
Trying 192.168.1.10...
Connected to new_system.com.au.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS LOGINDISABLED] Dovecot ready.
A001 LOGIN john Q1r404uC
* BAD [ALERT] Plaintext authentication not allowed without SSL/TLS, but your client did it anyway. If anyone was listening, the password was exposed.
A001 NO [CLIENTBUG] Plaintext authentication disallowed on non-secure (SSL/TLS) connections.
telnet> quit
Connection closed.

$ telnet old_system_1.0.7 10143
Trying 192.168.1.4...
Connected to new_system.com.au
Escape character is '^]'.
* OK Dovecot ready.
A001 LOGIN john Q1r404uC
A001 OK Logged in.

Can anyone suggest what else I can enable to assist in determining why I can't appear to log in?
It appears related to SSL/TLS, but I don't seem to have enough to go on.

I'm probably doing something stupid as usual.


Regards

John
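
With auth debugging enabled as in the post, the `client in: AUTH` line carries the SASL PLAIN response in its `resp=` field, which is only base64-encoded (authzid, authcid and password separated by NUL bytes), and a pasted telnet session shows the LOGIN password as typed. The following is an added example, not part of the original post: a small redactor for both before a log is shared. All function names and sample values are constructed for illustration.

```python
import base64
import binascii
import re

# resp=<base64> field of a tab-separated "client in: AUTH" debug line.
RESP_RE = re.compile(r"(?<![\w-])resp=([A-Za-z0-9+/=]+)")
# Tagged IMAP LOGIN command, e.g. pasted from a telnet session.
LOGIN_RE = re.compile(r'^(\S+\s+LOGIN\s+(?:"[^"]*"|\S+)\s+)\S.*$', re.IGNORECASE)


def describe_resp(b64: str, keep_user: bool = False) -> str:
    """Replace a SASL response with a marker that carries no secret."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return "resp=<redacted: undecodable>"
    fields = raw.split(b"\x00")  # PLAIN is authzid NUL authcid NUL password
    if len(fields) != 3:
        return "resp=<redacted: not PLAIN>"
    if keep_user:
        return "resp=<redacted PLAIN authcid=%s>" % fields[1].decode("utf-8", "replace")
    return "resp=<redacted PLAIN>"


def redact_line(line: str, keep_user: bool = False) -> str:
    """Redact the resp= field and any LOGIN password on one line."""
    line = RESP_RE.sub(lambda m: describe_resp(m.group(1), keep_user), line)
    return LOGIN_RE.sub(r"\1<redacted>", line)


def redact_log(text: str, keep_user: bool = False) -> str:
    """Redact every line of a pasted log or session transcript."""
    return "\n".join(redact_line(l, keep_user) for l in text.splitlines())


# Constructed sample input (not taken from the post).
SAMPLE_B64 = base64.b64encode(b"\x00alice\x00example-pass").decode()
SAMPLE = "\n".join([
    "Jan  1 00:00:00 host dovecot: auth(default): client in: AUTH\t1\tPLAIN"
    "\tservice=imap\tsecured\tresp=" + SAMPLE_B64,
    "Jan  1 00:00:00 host dovecot: auth(default): client out: OK\t1\tuser=alice",
    "A001 LOGIN alice example-pass",
])

if __name__ == "__main__":
    print(redact_log(SAMPLE))
```

The authcid inside `resp=` is dropped by default because it may differ from a username that was anonymised by hand elsewhere in the log; pass `keep_user=True` to retain it.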


