[Dovecot] Errors with doveadm when using checkpassword

Andy Dills andy at xecu.net
Tue Feb 5 04:16:41 EET 2013


On Feb 4, 2013, at 8:56 PM, Timo Sirainen <tss at iki.fi> wrote:

> On Mon, 2013-02-04 at 12:08 -0500, Andy Dills wrote:
>> We have a checkpassword authentication with mysql pre-fetch for the 
>> userdb lookups.
>> 
>> When trying to do:
>> 
>> doveadm search -u andytest at xecu.net mailbox Trash DELETED
>> 
>> I get:
>> 
>> doveadm(andytest at xecu.net): Error: user andytest at xecu.net: Auth PASS 
>> lookup failed
>> doveadm(andytest at xecu.net): Fatal: /var/run/dovecot/auth-userdb: passdb 
>> lookup failed (to see if user is proxied, because doveadm_proxy_port is 
>> set)
> 
> Do you have proxying enabled? If not, remove doveadm_proxy_port and this
> solves itself

Yes, I apologize, it appears I edited out the paragraph where I described our setup.

Cluster of dovecot dual instance servers, one proxy/director, one backend. The backend config lives in dovecot.conf, the proxy config in proxy.conf (let me know if the specific config would help). Version 2.1.12 (current version in FreeBSD ports).

I should mention, I have to specify the director-admin socket manually when using doveadm director, it's as if doveadm isn't quite aware of the config in the proxy instance.

However, the authentication happens in the primary "dovecot.conf" instance...that's where checkpassword gets called, and where the prefetch is configured. The proxy is "dumb".

>> I'm not surprised the checkpassword lookup is failing; the password 
>> isn't being supplied. Shouldn't it just be doing the prefetch lookup 
>> instead, like the lmtp service?
> 
> doveadm doesn't care about the password. It cares about the proxy
> destination host so that it can automatically connect to the correct
> host to run the command.


I understand doveadm doesn't care about the password; i was confused why checkpassword was being called when the password is unknown rather than using the mysql prefetch.

So, I guess what you're saying is doveadm should be talking to the proxy instance rather than the backend instance? I assume I need to move the backend to a differently named config and make my proxy instances live in dovecot.conf, so that doveadm sees the "right" config?

Thanks,
Andy


More information about the dovecot mailing list