[Dovecot] Weird Authentication behaviour

Jürgen Ladstätter info at innova-studios.com
Mon Mar 24 11:34:33 UTC 2014


Hi guys,

we use dovecot 2.0.9 and authentication against a mysql database. Everything
works fine, but we found some weird behavior – when the password is e.g.
“testpass” you also authenticate successfully with “testpass123” or
“testpassNOT”. Whatever comes after the correct password doesn’t matter, the
authentication is still successful.

Here are the used configs:

// auth-sql.conf.ext
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/data/mail/%d/%n
}

// dovecot-sql.conf.ext
driver = mysql
connect = host=[IP] dbname=[DB] user=[USER] password=[PASS]
default_pass_scheme = CRYPT
password_query = SELECT `password`, `login` AS `user` FROM `v_email_accounts` WHERE `login`='%u'

// 10-auth.conf
disable_plaintext_auth = no
auth_mechanisms = plain
!include auth-sql.conf.ext

// 10-master.conf
default_process_limit = 1000
default_client_limit = 3003
default_vsz_limit = 1024M
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  service_count = 0
  vsz_limit = 1024M
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service lmtp {
  unix_listener lmtp {
  }
}
service imap {
  vsz_limit = 1024M
  process_limit = 2048
}
service pop3 {
  process_limit = 2048
}
service auth {
  unix_listener auth-userdb {
    user = vmail
    group = vmail
  }
  client_limit = 8096
}
service auth-worker {
}
service dict {
  unix_listener dict {
  }
}

Thanks in advance for your help!
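
Added example, not part of the original post: the symptom above (everything after the 8-character "testpass" is ignored) is what traditional DES crypt(3) produces, since it uses only the first 8 characters of a password, and with default_pass_scheme = CRYPT the format of the stored hash decides which crypt() algorithm runs. The sketch below classifies stored hashes by format to find accounts with a truncating scheme. That the `password` column holds DES hashes is an assumption the post does not confirm; the function names and sample rows are constructed.

```python
import re

B64 = r"[./0-9A-Za-z]"  # alphabet of crypt(3) salts and digests

# (scheme, pattern, number of password bytes the algorithm actually uses)
FORMATS = [
    ("des-crypt", re.compile(rf"^{B64}{{13}}$"), 8),  # 2-char salt + 11-char digest
    ("md5-crypt", re.compile(r"^\$1\$"), None),
    ("bcrypt", re.compile(r"^\$2[abxy]?\$\d\d\$"), 72),
    ("sha256-crypt", re.compile(r"^\$5\$"), None),
    ("sha512-crypt", re.compile(r"^\$6\$"), None),
]

def classify(stored):
    """Return (scheme, significant_bytes); significant_bytes is None if unlimited."""
    if stored.upper().startswith("{CRYPT}"):  # optional Dovecot scheme prefix
        stored = stored[len("{CRYPT}"):]
    for scheme, pattern, limit in FORMATS:
        if pattern.search(stored):
            return scheme, limit
    return "unknown", None

def indistinguishable(pw_a, pw_b, limit):
    """True if the algorithm sees the same input for both passwords."""
    if limit is None:
        return pw_a == pw_b
    return pw_a.encode()[:limit] == pw_b.encode()[:limit]

def truncating_accounts(rows, max_bytes=8):
    """Logins whose stored hash ignores everything past max_bytes."""
    out = []
    for login, stored in rows:
        _, limit = classify(stored)
        if limit is not None and limit <= max_bytes:
            out.append(login)
    return out

# Constructed sample rows in the shape returned by the post's password_query.
SAMPLE_ROWS = [
    ("alice@example.com", "abCDEFGHIJKLM"),
    ("bob@example.com", "$6$constructedsalt$" + "x" * 86),
    ("carol@example.com", "{CRYPT}$2y$10$" + "x" * 53),
]

if __name__ == "__main__":
    for login, stored in SAMPLE_ROWS:
        print(login, classify(stored))
    print(truncating_accounts(SAMPLE_ROWS))
```

Accounts it reports need their password re-hashed with a non-truncating scheme, which requires the plaintext (for example at the next successful login), because the existing hash cannot be converted.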


