please help this newbie get started

Christian Kivalo ml+dovecot at valo.at
Sun Feb 5 16:14:43 UTC 2017 


Am 5. Februar 2017 15:14:51 MEZ schrieb drbobllc at yahoo.com:
>1. The man page I get is slightly different:
>%    man 5 passwd
>PASSWD(5)                 FreeBSD File Formats Manual               
>PASSWD(5)
>
>NAME
>     passwd, master.passwd -- format of the password file
>
>DESCRIPTION
>     The passwd files are the local source of password information. 
>They can
>     be used in conjunction with the Hesiod domains `passwd' and `uid',
>and
>     the NIS maps `passwd.byname', `passwd.byuid',
>`master.passwd.byname', and
>     `master.passwd.byuid', as controlled by nsswitch.conf(5).
>
>     For consistency, none of these files should ever be modified
>manually.
>
>     The master.passwd file is readable only by root, and consists of
>newline
>     separated records, one per user, containing ten colon (`:')
>separated
>     fields.  These fields are as follows:
>
>     [...]
>
>     The passwd file is generated from the master.passwd file by
>pwd_mkdb(8),
>     has the class, change, and expire fields removed, and the password
>field
>     replaced by a `*' character.
>
>     [...]
>     In the master.passwd file, the password field is the encrypted
>form of
>     the password, see crypt(3).  If the password field is empty, no
>password
>     will be required to gain access to the machine.  This is almost
>invari-
>     ably a mistake, so authentication components such as PAM can
>forcibly
>     disallow remote access to passwordless accounts.  Because this
>file con-
>     tains the encrypted user passwords, it should not be readable by
>anyone
>     without appropriate privileges.
>
>     A password of `*' indicates that password authentication is
>disabled for
>     that account (logins through other forms of authentication, e.g.,
>using
>     ssh(1) keys, will still work).  The field only contains encrypted
>pass-
>     words, and `*' can never be the result of encrypting a password.
> Do I need to tell dovecot to check master.passwd instead of passwd?
You could try using passwd-file as passdb but i have never used anything else than pam and sql.

>2. Is my (simple) passdb OK?
>
>passdb {
>  args = blocking=no
>  driver = passwd
>}
>I guess it would be easy to try it without the "args" line.
>4. Sometimes I log in as www to do web page stuff, so files are owned
>by www. www has a shell, and a password, and can ssh fine.

Whats the uid of 'www'?
See http://wiki2.dovecot.org/UserIds the part about uids. It could be that the www user has a uid below 500 and therefore login is disabled with the default settings.

Christian

>Thanks for your help!
>Bob
>
>On Sunday, February 5, 2017 2:58 AM, Christian Kivalo
><ml+dovecot at valo.at> wrote:
> 
>>dovecot: auth: passwd(xxx,xxx,<40AjQMFHSLVLGJAC>): invalid password
>>field '*'
>
>The '*' in passwd password field stands for login disabled. See man 5
>passwd or http://www.manpages.info/freebsd/passwd.5.html
>
>>-ERR [AUTH] Authentication failed.
>
>This is probably because the users login is disabled.
>
>In one oft your provided log outputs you are trying to login as user
>'www'. Why? The webserver user has the login normaly disabled.
>

More information about the dovecot mailing list