please help this newbie get started

drbobllc at yahoo.com drbobllc at yahoo.com
Sun Feb 5 14:14:51 UTC 2017


1. The man page I get is slightly different:
%    man 5 passwd
PASSWD(5)                 FreeBSD File Formats Manual                PASSWD(5)

NAME
     passwd, master.passwd -- format of the password file

DESCRIPTION
     The passwd files are the local source of password information.  They can
     be used in conjunction with the Hesiod domains `passwd' and `uid', and
     the NIS maps `passwd.byname', `passwd.byuid', `master.passwd.byname', and
     `master.passwd.byuid', as controlled by nsswitch.conf(5).

     For consistency, none of these files should ever be modified manually.

     The master.passwd file is readable only by root, and consists of newline
     separated records, one per user, containing ten colon (`:') separated
     fields.  These fields are as follows:

     [...]

     The passwd file is generated from the master.passwd file by pwd_mkdb(8),
     has the class, change, and expire fields removed, and the password field
     replaced by a `*' character.

     [...]
     In the master.passwd file, the password field is the encrypted form of
     the password, see crypt(3).  If the password field is empty, no password
     will be required to gain access to the machine.  This is almost invari-
     ably a mistake, so authentication components such as PAM can forcibly
     disallow remote access to passwordless accounts.  Because this file con-
     tains the encrypted user passwords, it should not be readable by anyone
     without appropriate privileges.

     A password of `*' indicates that password authentication is disabled for
     that account (logins through other forms of authentication, e.g., using
     ssh(1) keys, will still work).  The field only contains encrypted pass-
     words, and `*' can never be the result of encrypting a password.
 Do I need to tell dovecot to check master.passwd instead of passwd?
2. Is my (simple) passdb OK?

passdb {
  args = blocking=no
  driver = passwd
}
I guess it would be easy to try it without the "args" line.
4. Sometimes I log in as www to do web page stuff, so files are owned by www. www has a shell, and a password, and can ssh fine.
Thanks for your help!
Bob

    On Sunday, February 5, 2017 2:58 AM, Christian Kivalo <ml+dovecot at valo.at> wrote:
 
>dovecot: auth: passwd(xxx,xxx,<40AjQMFHSLVLGJAC>): invalid password
>field '*'

The '*' in passwd password field stands for login disabled. See man 5 passwd or http://www.manpages.info/freebsd/passwd.5.html

>-ERR [AUTH] Authentication failed.

This is probably because the user's login is disabled.

In one of your provided log outputs you are trying to log in as user 'www'. Why? The webserver user normally has the login disabled.
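Added example, not part of the original thread: a small audit of the password-field cases the quoted man page describes (empty, `*`, anything else), run over constructed records. The field names are an assumption taken from FreeBSD's passwd(5), since the quote elides that list; the sample records and the status labels are made up for illustration.

```python
# Added example: classify the password field of passwd(5) records (FreeBSD layout).
MASTER_FIELDS = ("name", "password", "uid", "gid", "class",
                 "change", "expire", "gecos", "home_dir", "shell")
# The generated passwd file drops class, change and expire (7 fields remain).
PASSWD_FIELDS = tuple(f for f in MASTER_FIELDS
                      if f not in ("class", "change", "expire"))

# Constructed sample records, not taken from any real system.
SAMPLE_MASTER = """\
root:$6$constructed$notarealhash:0:0::0:0:Charlie &:/root:/bin/csh
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
bob::1001:1001::0:0:Bob:/home/bob:/bin/sh
this line is not a passwd record
"""
SAMPLE_PASSWD = "root:*:0:0:Charlie &:/root:/bin/csh\n"

def parse_record(line):
    """Split one record into a dict; accepts the 10-field or 7-field layout."""
    parts = line.rstrip("\n").split(":")
    for names in (MASTER_FIELDS, PASSWD_FIELDS):
        if len(parts) == len(names):
            return dict(zip(names, parts))
    raise ValueError(f"expected 10 or 7 fields, got {len(parts)}")

def classify(password_field):
    """Map the password field to the cases the man page describes."""
    if password_field == "":
        return "EMPTY"      # no password required to log in
    if password_field == "*":
        return "DISABLED"   # password authentication disabled for the account
    return "SET"            # anything else, normally a crypt(3) hash

def audit(text):
    """Return (line_number, user, status) for every non-blank, non-comment line."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        try:
            record = parse_record(line)
            findings.append((number, record["name"], classify(record["password"])))
        except ValueError:
            findings.append((number, None, "MALFORMED"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MASTER) + audit(SAMPLE_PASSWD):
        print(finding)
```

Because pwd_mkdb(8) replaces every password field with `*` in the generated passwd file, the 7-field record for root reports DISABLED even though its master.passwd record holds a hash; only master.passwd, which is readable only by root, shows an account's real state.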
   

