[Dovecot] Requested xxxx scheme, but we have a NULL password after upgrade
PhilQ
philq at qsystemsengineering.com
Wed Feb 13 23:30:27 EET 2013
I'm having an issue I can't seem to work around after upgrading from Dovecot
1.0.7 to 1.2.17.
After getting Dovecot 1.07 working on CentOS 5.9, I decided that it might be
wise to upgrade to a later version, so I stuck with 1.x and went with
1.2.17, which I had to compile from source. CentOS was originally using
/etc as the starting path for Dovecot files but the source distribution puts
most of the stuff under /usr/local/etc. After the usual config>make>make
install dance I made the necessary changes to point to the new libraries,
modules, etc. and the "imap-login: Fatal: Dovecot version mismatch: Master
is v1.2.17, login is v1.0.7...." messages went away.
After doing this though I cannot login, I get the following error messages:
Feb 13 15:50:40 auth(default): Info: client in: AUTH 7 NTLM
service=imap lip=192.168.2.102 rip=192.168.2.100 lport=143
rport=1470
Feb 13 15:50:40 auth(default): Info: client out: CONT 7
Feb 13 15:50:40 auth(default): Info: client in: CONT 7
TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
Feb 13 15:50:40 auth(default): Info: client out: CONT 7
TlRMTVNTUAACAAAAMAAwADAAAAAFAooATj7XW6ve2hwAAAAAAAAAADgAOABgAAAAUwBlAHIAdgBlAHIAMQAuAGgAZQByAHMAYwBoAGwAYQB1AHIAZQBuAC4AYwBvAG0AAwAwAFMAZQByAHYAZQByADEALgBoAGUAcgBzAGMAaABsAGEAdQByAGUAbgAuAGMAbwBtAAAAAAA=
Feb 13 15:50:40 auth(default): Info: client in: CONT 7
TlRMTVNTUAADAAAAGAAYAGoAAABoAGgAggAAAAAAAABIAAAAEAAQAEgAAAASABIAWAAAAAAAAADqAAAABQKIAgUBKAoAAAAP*CENSORED*bgBiAFEAUwBFAC0AVwBJAE4AWABQAEXO6p/WuopqQ02x1kzJGW3NoQELKw32N88JqkbMOYOVErhiS492elwBAQAAAAAAA*CENSORED*ysN9jcAAAAAAwAwAFMAZQByAHYAZQByADEALgBoAGUAcgBzAGMAaABsAGEAdQByAGUAbgAuAGMAbwBtAAAAAAAAAAAA
Feb 13 15:50:40 auth(default): Info: cache(pquesinb,192.168.2.100): miss
Feb 13 15:50:40 auth(default): Info: passwd-file(pquesinb,192.168.2.100):
lookup: user=pquesinb file=/etc/dovecot.users
Feb 13 15:50:40 auth(default): Info: password(pquesinb,192.168.2.100):
Requested NTLM scheme, but we have a NULL password
Feb 13 15:50:40 auth(default): Info: cache(pquesinb,192.168.2.100): miss
Feb 13 15:50:40 auth(default): Info: password(pquesinb,192.168.2.100):
passdb doesn't support credential lookups
Feb 13 15:50:40 auth(default): Info: cache(pquesinb,192.168.2.100): miss
Feb 13 15:50:40 auth(default): Info: password(pquesinb,192.168.2.100):
passdb doesn't support credential lookups
Feb 13 15:50:40 auth(default): Info: cache(pquesinb,192.168.2.100): miss
Feb 13 15:50:40 auth(default): Info: password(pquesinb,192.168.2.100):
passdb doesn't support credential lookups
Feb 13 15:50:40 auth(default): Info: cache(pquesinb,192.168.2.100): miss
Feb 13 15:50:40 auth(default): Info: password(pquesinb,192.168.2.100):
passdb doesn't support credential lookups
Feb 13 15:50:42 auth(default): Info: client out: FAIL 7
user=pquesinb
Looking at the log from the old version while it was working, I was getting
messages like the following:
dovecot: Feb 04 14:14:21 Info: imap-login: Login: user=<pquesinb>,
method=NTLM, rip=192.168.2.100, lip=192.168.2.102
dovecot: Feb 04 14:14:21 Info: imap-login: Login: user=<pquesinb>,
method=NTLM, rip=192.168.2.100, lip=192.168.2.102
dovecot: Feb 04 14:15:03 Info: IMAP(pquesinb): Disconnected: Logged out
dovecot: Feb 04 14:15:03 Info: IMAP(pquesinb): Disconnected: Logged out
dovecot: Feb 04 14:15:23 Info: imap-login: Login: user=<pquesinb>,
method=NTLM, rip=192.168.2.100, lip=192.168.2.102
dovecot: Feb 04 14:15:23 Info: imap-login: Login: user=<pquesinb>,
method=NTLM, rip=192.168.2.100, lip=192.168.2.102
dovecot: Feb 04 14:16:05 Info: IMAP(pquesinb): Disconnected: Logged out
dovecot: Feb 04 14:16:05 Info: IMAP(pquesinb): Disconnected: Logged out
/etc/dovecot.users contains a list of usernames.
Is this error the result of additional security which has been incorporated
into the later version of Dovecot, or is it because my installation of the
later version from source is broken, somehow incompatible, etc? Dovecot was
configured to use PAM and it appeared to know the password of my account,
failing when it was entered incorrectly so I'm assuming that it was
successfully using PAM. I kept the same syntax in the later config file.
>From dovecot.conf:
passdb pam {
# [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
# [cache_key=<key>] [<service name>]
#
# session=yes makes Dovecot open and immediately close PAM session. Some
# PAM plugins need this to work, such as pam_mkhomedir.
#
# setcred=yes makes Dovecot establish PAM credentials if some PAM
plugins
# need that. They aren't ever deleted though, so this isn't enabled by
# default.
#
# max_requests specifies how many PAM lookups to do in one process
before
# recreating the process. The default is 100, because many PAM plugins
# leak memory.
#
# cache_key can be used to enable authentication caching for PAM
# (auth_cache_size also needs to be set). It isn't enabled by default
# because PAM modules can do all kinds of checks besides checking
password,
# such as checking IP address. Dovecot can't know about these checks
# without some help. cache_key is simply a list of variables (see
# doc/wiki/Variables.txt) which must match for the cached data to be
used.
# Here are some examples:
# %u - Username must match. Probably sufficient for most uses.
# %u%r - Username and remote IP address must match.
# %u%s - Username and service (ie. IMAP, POP3) must match.
#
# The service name can contain variables, for example %Ls expands to
# pop3 or imap.
#
# Some examples:
# args = session=yes %Ls
args = cache_key=%u dovecot
#args = dovecot
}
If anyone could give me some ideas on where to go from here, I'd really
appreciate it. If there's little chance of getting the newer version to
work with CentOS 5 then I'm ready to just drop back to the older version.
Thanks a bunch.
- Phil
Config info follows:
[root at Server1 lda]# dovecot -n
# 1.2.17: /usr/local/etc/dovecot.conf
# OS: Linux 2.6.18-348.el5.centos.plusxen x86_64 CentOS release 5.9 (Final)
log_path: /var/log/dovecot.log
info_log_path: /var/log/dovecot.log
protocols: imap imaps pop3 pop3s
ssl_cert_file: /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file: /etc/pki/dovecot/private/dovecot.pem
disable_plaintext_auth: no
login_dir: /usr/local/var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
max_mail_processes: 64
mail_location: maildir:~/Maildir
maildir_very_dirty_syncs: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
mail_log_max_lines_per_sec: 100
imap_client_workarounds(default): outlook-idle
imap_client_workarounds(imap): outlook-idle
imap_client_workarounds(pop3):
lda:
mail_plugin_dir: /usr/local/lib/dovecot/lda
auth default:
mechanisms: ntlm plain login digest-md5
cache_size: 16
cache_ttl: 90
verbose: yes
debug: yes
debug_passwords: yes
passdb:
driver: passwd-file
args: /etc/dovecot.users
passdb:
driver: pam
args: cache_key=%u dovecot
passdb:
driver: passwd
passdb:
driver: shadow
userdb:
driver: passwd
--
View this message in context: http://dovecot.2317879.n4.nabble.com/Requested-xxxx-scheme-but-we-have-a-NULL-password-after-upgrade-tp40123.html
Sent from the Dovecot mailing list archive at Nabble.com.
More information about the dovecot
mailing list