authenticate plain, and virtual users
Eric Abrahamsen
eric at ericabrahamsen.net
Wed Oct 22 04:32:01 UTC 2014
I'm running dovecot 2.2.14 on Archlinux. I've been using it with the
isync syncing utility for quite some time with no problems, using the
LOGIN authentication mechanism. Recently Isync was updated to support
PLAIN, and I'm having trouble moving to that. The authenticate string
that isync is sending is not the one that dovecot is expecting.
I suspect this is because of how I have virtual users set up on my
machine. This is a personal laptop, no other users, and so I didn't want
to go through the rigmarole of creating more system users just for mail
accounts. I also wanted everything stored under my home directory. So my
dovecot config looks like this:
# 2.2.14: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.4-1-ARCH i686
auth_verbose = yes
disable_plaintext_auth = no
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
mail_plugins = " fts fts_lucene"
passdb {
args = username_format=%u /etc/dovecot/passwd
driver = passwd-file
}
plugin {
fts = lucene
fts_autoindex = yes
fts_lucene = whitespace_chars=@.
}
protocols = imap
ssl = no
userdb {
args = uid=eric gid=users home=/home/eric/.mail/%d/%n username_format=%u
default_fields = mail=maildir:/home/eric/.mail/%d/%n/mail
driver = static
}
My /etc/dovecot/passwd looks like this:
eric at ericabrahamsen.net:{PLAIN}password1
eric at paper-republic.org:{PLAIN}password2
When isync tries to log into the local dovecot using PLAIN, it sends
the base64-encoded version of this string:
eric at paper-republic.org\0eric\0password2
With my current dovecot config, telnet experimentation shows that
dovecot will accept either of these two:
\0eric at paper-republic.org\0password2
eric at paper-republic.org\0eric at paper-republic.org\0password2
Ie, either with or without the authorization ID, just like it says at
http://wiki2.dovecot.org/Debugging/Authentication
Given that I'm unlikely to be able to change how isync sends the string
(and that it's really doing the right thing), are there alterations I
can make to my dovecot config to get it to accept the authenticate
string that isync is sending? Ideally, can I do that without having to
set up system users?
I've already tried using the other fields in the passwd file, putting
"eric" and "eric at paper-republic.org" into the UID fields, just in case.
No dice.
Thanks in advance for any advice!
Eric
More information about the dovecot
mailing list