Director & Master Users

Travis Dolan travis.dolan at gmail.com
Thu Feb 15 21:19:27 EET 2018


Awesome, thanks for the advice. Using the following now works...

passdb {

driver = static

args = proxy=y password=doesnotmatter

}

Cheers.

  
On Feb 15 2018, at 2:40 pm, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:  

> > On 15 February 2018 at 20:22 Travis Dolan <travis.dolan at gmail.com> wrote:  
>  
>  
> Hello,  
>  
> I have Director setup to proxy requests to backend servers. This works fine  
> when using "standard" username/passwords.  
>  
> I am not try to enable the use of the Dovecot Master user through Director  
> into the backend servers.  
>  
> a.) username is being sent as masteruser*username  
> b.) request hits the proxy and authenticates, and then is passed to the  
> backend servers and fails auth.  
>  
> \- logs from proxy/Director point of view.  
>  
> auth: Info:  
> passwd-file(masteruser,172.31.33.224,master,<z2eYD0Rl6P+sHyHg>): Master  
> user logging in as devteam  
>  
> imap-login: Info: proxy(devteam): Login failed to backend.servers:143  
> (master masteruser): [AUTHENTICATIONFAILED] Authentication failed.:  
> user=<devteam>, method=PLAIN, rip=172.31.33.224, lip=192.168.71.20,  
> session=<z2eYD0R  
> l6P+sHyHg>  
>  
> \- logs from backend server point of view.  
>  
> imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs):  
> user=<masterusername>, method=PLAIN, rip=192.168.71.20, lip=192.168.71.99,  
> session=<O8QN8kNlloXAqEcU>  
>  
>  
> Proxy/Director Configs (hopefully this is enough)  
>  
> auth_master_user_separator = *  
> passdb {  
> driver = passwd-file  
> args = /etc/dovecot/conf.d/master-user-password  
> master = yes  
> pass = yes  
> }  
>  
> passdb {  
> driver = static  
> args = proxy=y nopassword=y  
> }  
>  
> Please let me know if I can provide any further details.  
>  
> Thanks in advance.

>

> You could consider using "master password" instead.

>

> This works so that you configure proxy to use pass=some_static_password as
the password forward, and you can then use static passdb in director, as in

>

> passdb {  
  driver = static  
  args = password=some_static_password ....  
}

>

> This way you don't need to setup master user authentication.

>

> Aki

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20180215/58c5dc7b/attachment.html>


More information about the dovecot mailing list