Auth Policy Server/wforce/weakforced

Daniel Miller dmiller at amfes.com
Fri Aug 4 23:10:22 EEST 2017


On 8/4/2017 12:48 PM, Daniel Miller wrote:
> On 8/3/2017 6:11 AM, Teemu Huovila wrote:
>>
>> On 02.08.2017 23:35, Daniel Miller wrote:
>>> Is there explicit documentation available for the (probably trivial) 
>>> configuration needed for Dovecot and Wforce?  I'm probably missing 
>>> something that should be perfectly obvious...
>>>
>>> Wforce appears to start without errors.  I added a file to dovecot's 
>>> conf.d:
>>>
>>> 95-policy.conf:
>>> auth_policy_server_url = http://localhost:8084/
>>> auth_policy_hash_nonce = this_is_my_super_secret_something
>>>
>>> Looking at the Wforce console I see:
>>>
>>> WforceWebserver: HTTP Request "/" from 127.0.0.1:45108: Web Authentication failed
>>>
>>> In wforce.conf I have the (default):
>>>
>>> webserver("0.0.0.0:8084", "--WEBPWD")
>>>
>>> Do I need to change the "--WEBPWD"?  Do I need to specify something 
>>> in the Dovecot config?
>> You could try putting an actual password, in plain text, where 
>> --WEBPWD is. Then add that base64 encoded to dovecot setting 
>> auth_policy_server_api_header.
>>
> I knew it would be something like that.  I've made some changes but 
> I'm still not there.  I presently have:
>
> webserver("0.0.0.0:8084", "--WEBPWD ultra-secret-secure-safe")
> in wforce.conf (and I've tried with and without the --WEBPWD)
>
> and
>
> auth_policy_server_api_header = Authorization: Basic dWx0cmEtc2VjcmV0LXNlY3VyZS1zYWZl
> in 95-policy.conf for dovecot
>
> Obviously I'm still formatting something wrong.
>
I think I've got something working a little better.  I'm using:
webserver("0.0.0.0:8084", "ultra-secret-secure-safe")
(so I remove the --WEBPWD - that's a placeholder, not an argument 
declaration)

and for dovecot, the base64 encoding needs to be "wforce:password" 
instead of just the password.

Now I have to see what else needs to be tweaked.

Daniel
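
Added example, not part of the original post and not Dovecot or wforce code: a Python sketch of the fix described in this message. It builds the auth_policy_server_api_header value from "wforce:password" and reports why the earlier attempts quoted in the thread were rejected. The function names are hypothetical; the password is the sample one from the thread.

```python
import base64
import binascii

WFORCE_USER = "wforce"  # username the post says must precede the password
PREFIX = "Authorization: Basic "


def build_api_header(password: str) -> str:
    """Value for Dovecot's auth_policy_server_api_header setting."""
    raw = f"{WFORCE_USER}:{password}".encode("utf-8")
    return PREFIX + base64.b64encode(raw).decode("ascii")


def diagnose(header: str, wforce_password: str) -> str:
    """Compare a Dovecot header value with the webserver() password in wforce.conf."""
    # The thread's second attempt left the placeholder in the password string.
    if wforce_password.startswith("--WEBPWD"):
        return "wforce.conf still contains the --WEBPWD placeholder"
    if not header.startswith(PREFIX):
        return "header must start with 'Authorization: Basic '"
    try:
        token = header[len(PREFIX):].strip()
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return "credential is not valid base64 text"
    user, sep, secret = decoded.partition(":")
    if not sep:
        return "no username in credential; encode 'wforce:<password>'"
    if user != WFORCE_USER:
        return f"username is {user!r}, expected {WFORCE_USER!r}"
    if secret != wforce_password:
        return "password differs from the one in wforce.conf"
    return "ok"


if __name__ == "__main__":
    pw = "ultra-secret-secure-safe"  # sample password from the thread
    old = PREFIX + "dWx0cmEtc2VjcmV0LXNlY3VyZS1zYWZl"  # header quoted above
    print(diagnose(old, pw))                    # password only, no username
    print(diagnose(old, "--WEBPWD " + pw))      # placeholder left in wforce.conf
    print(build_api_header(pw))                 # corrected header value
    print(diagnose(build_api_header(pw), pw))   # ok
```
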


