Master user without pass=yes error

Thomas HUMMEL hummel at pasteur.fr
Mon Feb 2 16:55:26 UTC 2015


Hello Timo,

I just tried the master user feature with a very simple setup (Dovecot v2.2.15):

!include auth-master.conf.ext -> passwd-file passdb
!include auth-ldap.conf.ext -> ldap passdb (userdb prefetched) without auth_bind=yes

Without pass=yes I get this userdb lookup error:

dovecot: auth: passwd-file(masteruser,157.99.64.42,master,<4Pgesh0OygCdY0Aq>): Master user logging in as normaluser
dovecot: auth: Error: prefetch(normaluser,157.99.64.42,<4Pgesh0OygCdY0Aq>): userdb lookup not possible with only userdb prefetch
dovecot: imap: Error: Internal auth failure (client-pid=10449 client-id=1)
dovecot: imap-login: Internal login failure (pid=10449 id=1) (internal failure, 1 successful auths): user=<normaluser>, method=PLAIN, rip=157.99.64.42, lip=157.99.64.81, mpid=10570, TLS, session=<4Pgesh0OygCdY0Aq>

With pass=yes, it works.

Feb  2 17:51:24 langres dovecot: auth: passwd-file(masteruser,157.99.64.42,master,<YmjAwx0O0gCdY0Aq>): Master user logging in as normaluser
Feb  2 17:51:24 langres dovecot: imap-login: Login: user=<normaluser>, method=PLAIN, rip=157.99.64.42, lip=157.99.64.81, mpid=11647, TLS, session=<YmjAwx0O0gCdY0Aq>

I don't quite understand why, because the documentation states that 'pass=yes'

  "means that Dovecot verifies that the login user really exists before allowing
  the master user to log in. Without the setting if a nonexistent login username
  is given,[...]"

Here, 'normaluser' exists in the ldap passdb so, even with pass=no, I'm not supposed to be in the 'nonexistent login username' case.

Can you help?

Thanks.

-- 
Thomas Hummel 	    | Institut Pasteur
<hummel at pasteur.fr> | Groupe Exploitation et Infrastructure

