[Dovecot] User not found when using shadow for passdb

John J. Stimson III john at idsfa.net
Sat May 17 16:05:49 UTC 2014


I poked through the source code for dovecot's auth module, and it
looks like the right username is getting passed to the Linux system
getspnam() function, but for some reason it's interpreting the return
value as user not found.  I thought that it could be a permissions
problem with the auth process, so I edited 10-master.conf to try to
make the lookups as permissive as possible (I hope I did it
correctly):

service auth {
  unix_listener auth-userdb {
    mode = 0777
    user = root
    #group =
  }
}

I also tried the above, with user=root and the mode line commented
out, and again with mode = 0777 and the user line commented out.  The
results are all identical in the logs.  Is there anywhere else that I
can elevate the permission of the auth process's shadow password
lookups?

I am assuming that there is no way to set the shadow file location
because the lookups are done through a system call.

I am getting the unknown user error message for every user that tries
to connect to the server using IMAP, which is four different users.


On Fri, May 02, 2014 at 09:25:34AM -0700, John J. Stimson III wrote:
> I am getting "user unknown" when trying to connect to the dovecot
> server using IMAP.  The client gets an authentication failed message
> and does not download mail.
> 
> The host system uses shadow passwords in /etc/shadow.  I would like to
> use the same passwords for IMAP sessions, so I have set the passdb
> driver to shadow.
> 
> The system is Slackware, which does not use PAM.
> 
> Here is the dovecot version and configuration output:
> 
> # dovecot -n
> # 2.1.17: /usr/local/etc/dovecot/dovecot.conf
> # OS: Linux 3.6.5 i686 Slackware 13.1.0
> auth_debug_passwords = yes
> auth_verbose = yes
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   args = blocking=no
>   driver = shadow
> }
> service auth {
>   unix_listener auth-userdb {
>     user = root
>   }
> }
> ssl_cert = </etc/ssl/certs/dovecot.pem
> ssl_key = </etc/ssl/private/dovecot.pem
> userdb {
>   args = blocking=no
>   driver = passwd
> }
> 
> Here are the dovecot auth_passwd_debug level log messages when the
> client tries to connect:
> 
> May  2 09:05:07 harlie dovecot: auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
> May  2 09:05:07 harlie dovecot: auth: Debug: auth client connected (pid=22181)
> May  2 09:05:07 harlie dovecot: auth: Debug: client in: AUTH^I1^IPLAIN^Iservice=imap^Isecured^Isession=ABCDEFGHIJKLMNOP^Ilip=96.229.223.7^Irip=10.0.0.181^Ilport=993^Irport=51898^Iresp=zxywvutsrqponmlkji==
> May  2 09:05:07 harlie dovecot: auth: Debug: shadow(john,10.0.0.181,<ABCDEFGHIJKLMNOP>): lookup
> May  2 09:05:07 harlie dovecot: auth: shadow(john,10.0.0.181,<ABCDEFGHIJKLMNOP>): unknown user
> May  2 09:05:09 harlie dovecot: auth: Debug: client passdb out: FAIL^I1^Iuser=john
> May  2 09:05:09 harlie dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<john>, method=PLAIN, rip=10.0.0.181, lip=96.229.223.7, TLS, session=<ABCDEFGHIJKLMNOP>
> 
> The user john is a real account on the host machine and has entries in
> both /etc/passwd and /etc/shadow.
> 
> Help?

-- 

john at idsfa.net                                              John Stimson
http://www.idsfa.net/~john/                              HMC Physics '94
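
The message above notes that getspnam() is handed the right username yet the result is treated as "user not found". As an added example (not from the original post and not Dovecot's own code), this C program shows how a caller can tell "no such entry" from "not permitted to read the shadow database" by checking errno after getspnam(). The function and enum names are hypothetical, and the result only reflects the account the program is run as.

```c
/* Added example: distinguish "no shadow entry" from "cannot read shadow". */
#include <errno.h>
#include <shadow.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical names, introduced for this illustration only. */
enum lookup_result { LOOKUP_FOUND, LOOKUP_NOT_FOUND, LOOKUP_DENIED, LOOKUP_ERROR };

/* Classify a getspnam() result from its return pointer and the errno it left. */
enum lookup_result classify_lookup(const struct spwd *sp, int err)
{
    if (sp != NULL)
        return LOOKUP_FOUND;
    if (err == EACCES || err == EPERM)
        return LOOKUP_DENIED;     /* caller may not read the shadow database */
    if (err == 0 || err == ENOENT)
        return LOOKUP_NOT_FOUND;  /* no such entry, or no shadow file at all */
    return LOOKUP_ERROR;          /* e.g. ERANGE or an NSS backend failure */
}

/* Look up one user with the privileges of the calling process. */
enum lookup_result shadow_lookup(const char *user)
{
    errno = 0;                    /* a NULL return alone does not say why */
    const struct spwd *sp = getspnam(user);
    return classify_lookup(sp, errno);
}

const char *lookup_name(enum lookup_result r)
{
    switch (r) {
    case LOOKUP_FOUND:     return "entry found";
    case LOOKUP_NOT_FOUND: return "no such entry";
    case LOOKUP_DENIED:    return "permission denied reading shadow database";
    default:               return "lookup error";
    }
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s username\n", argv[0]);
        return 2;
    }
    enum lookup_result r = shadow_lookup(argv[1]);
    /* The password hash is deliberately never printed. */
    printf("euid=%ld getspnam(%s): %s\n", (long)geteuid(), argv[1], lookup_name(r));
    return r == LOOKUP_FOUND ? 0 : 1;
}
```

Running it once as root and once as the unprivileged account that performs the lookup shows whether a NULL return is a missing entry or a permissions failure.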

