Master user without pass=yes error
Thomas HUMMEL
hummel at pasteur.fr
Mon Feb 2 16:55:26 UTC 2015
Hello Timo,
I just tried the master user feature with a very simple setup (Dovecot v2.2.15):
!include auth-master.conf.ext -> passwd-file passdb
!include auth-ldap.conf.ext -> ldap passdb (userdb prefetched) without auth_bind=yes
Without pass=yes I get this userdb lookup error:
dovecot: auth: passwd-file(masteruser,157.99.64.42,master,<4Pgesh0OygCdY0Aq>): Master user logging in as normaluser
dovecot: auth: Error: prefetch(normaluser,157.99.64.42,<4Pgesh0OygCdY0Aq>): userdb lookup not possible with only userdb prefetch
dovecot: imap: Error: Internal auth failure (client-pid=10449 client-id=1)
dovecot: imap-login: Internal login failure (pid=10449 id=1) (internal failure, 1 successful auths): user=<normaluser>, method=PLAIN, rip=157.99.64.42, lip=157.99.64.81, mpid=10570, TLS, session=<4Pgesh0OygCdY0Aq>
With pass=yes, it works.
Feb 2 17:51:24 langres dovecot: auth: passwd-file(masteruser,157.99.64.42,master,<YmjAwx0O0gCdY0Aq>): Master user logging in as normaluser
Feb 2 17:51:24 langres dovecot: imap-login: Login: user=<normaluser>, method=PLAIN, rip=157.99.64.42, lip=157.99.64.81, mpid=11647, TLS, session=<YmjAwx0O0gCdY0Aq>
I don't quite understand why because the documentation states that 'pass=yes'
"means that Dovecot verifies that the login user really exists before allowing
the master user to log in. Without the setting if a nonexistent login username
is given,[...]"
Here, 'normaluser' exists in the ldap passdb so, even with pass=no, I'm not supposed to be in the 'nonexistent login username' case.
Can you help?
Thanks.
--
Thomas Hummel | Institut Pasteur
<hummel at pasteur.fr> | Groupe Exploitation et Infrastructure
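
For auditing, the log lines quoted in this post can be correlated by session ID to list each master-user login and how it ended. This is an added example, not part of the original message or of Dovecot; the function name and record layout are assumptions, and the patterns are written only against the log format quoted above.

```python
import re

# Log lines copied from the post above: first attempt without pass=yes, second with it.
SAMPLE_LOG = """\
dovecot: auth: passwd-file(masteruser,157.99.64.42,master,<4Pgesh0OygCdY0Aq>): Master user logging in as normaluser
dovecot: auth: Error: prefetch(normaluser,157.99.64.42,<4Pgesh0OygCdY0Aq>): userdb lookup not possible with only userdb prefetch
dovecot: imap: Error: Internal auth failure (client-pid=10449 client-id=1)
dovecot: imap-login: Internal login failure (pid=10449 id=1) (internal failure, 1 successful auths): user=<normaluser>, method=PLAIN, rip=157.99.64.42, lip=157.99.64.81, mpid=10570, TLS, session=<4Pgesh0OygCdY0Aq>
Feb 2 17:51:24 langres dovecot: auth: passwd-file(masteruser,157.99.64.42,master,<YmjAwx0O0gCdY0Aq>): Master user logging in as normaluser
Feb 2 17:51:24 langres dovecot: imap-login: Login: user=<normaluser>, method=PLAIN, rip=157.99.64.42, lip=157.99.64.81, mpid=11647, TLS, session=<YmjAwx0O0gCdY0Aq>
"""

# Master passdb success: db(masteruser,remote-ip,master,<session>): Master user logging in as target
MASTER = re.compile(r"auth: (?P<db>[\w-]+)\((?P<master>[^,]+),(?P<rip>[^,]+),master,"
                    r"<(?P<sid>[^>]+)>\): Master user logging in as (?P<target>\S+)")
# Auth-process error carrying the same session ID (here: the prefetch userdb failure)
AUTH_ERR = re.compile(r"auth: Error: (?P<db>[\w-]+)\([^)]*<(?P<sid>[^>]+)>\): (?P<msg>.+)")
# Final verdict from the login process
LOGIN = re.compile(r"imap-login: (?P<result>Login|Internal login failure)\b.*session=<(?P<sid>[^>]+)>")


def audit_master_logins(log_text):
    """Return one record per master-user login, keyed by Dovecot session ID."""
    sessions = {}
    for line in log_text.splitlines():
        if m := MASTER.search(line):
            sessions[m["sid"]] = {"master": m["master"], "target": m["target"],
                                  "rip": m["rip"], "outcome": "unknown", "errors": []}
        elif (m := AUTH_ERR.search(line)) and m["sid"] in sessions:
            sessions[m["sid"]]["errors"].append(f'{m["db"]}: {m["msg"]}')
        elif (m := LOGIN.search(line)) and m["sid"] in sessions:
            ok = m["result"] == "Login"
            sessions[m["sid"]]["outcome"] = "success" if ok else "internal failure"
    return sessions


if __name__ == "__main__":
    for sid, rec in audit_master_logins(SAMPLE_LOG).items():
        print(sid, rec["master"], "->", rec["target"], rec["rip"], rec["outcome"], rec["errors"])
```

Only sessions that begin with a "Master user logging in as" line are tracked, so ordinary user logins are ignored.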