why is dovecot "Allowing any password"
Aki Tuomi
aki.tuomi at dovecot.fi
Wed Mar 21 18:43:38 EET 2018
> On 21 March 2018 at 18:31 mj <lists at merit.unu.edu> wrote:
>
>
> Hi Aki,
>
> Thanks for the quick answer!
>
> On 03/21/2018 05:24 PM, Aki Tuomi wrote:
> > This is what 'nopassword=y' does. I'm guessing this is an attempt to allow logging in from localhost without password, but I'd use master password (for applications or webmails), or
>
> Yes, the config is taken from the SOGo configuration guide, which can be
> seen here:
> https://sogo.nu/files/docs/v2/SOGoNativeOutlookConfigurationGuide.html
>
> Yes, but we have args = nopassword=y allow_nets=127.0.0.1/32
> so it should only allow passwordless logins from localhost, right..?
>
> And in "Debug: static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): Allowing any
> password" 1.2.3.4 is NOT localhost...
>
> (obviously 1.2.3.4 is not the *real* ip, but it's a *real* ip from the
> internet, NOT localhost...)
>
> MJ
Looking at the code for v2.2.13, it would seem that

a) when using nopassword, it will log the debug row in any case
b) allow_nets will fail the authentication by setting request failed

Mar 21 07:13:48 mail dovecot: auth: static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): allow_nets check failed: IP not in allowed networks

this indicates that the request is marked failed.

I would, still, recommend using doveadm exec imap -u instead of the static passdb.

Aki
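
The behaviour described in the reply above can be checked against an auth log by pairing each "Allowing any password" debug row with an "allow_nets check failed" row for the same request. The following is an added example, not part of the original message or of Dovecot; it assumes the syslog line layout quoted in the thread and that the (user, IP, session id) triple identifies one auth request. The function name and the sample lines other than the two quoted in the thread are constructed.

```python
import ipaddress
import re

# Matches the passdb prefix seen in the thread: static(user,ip,<session>): message
ENTRY = re.compile(r"static\((?P<user>[^,]*),(?P<ip>[^,]*),<(?P<sid>[^>]*)>\): (?P<msg>.*)$")

# Constructed sample log; the first two lines reuse the values quoted in the thread.
SAMPLE_LOG = """\
Mar 21 07:13:48 mail dovecot: auth: Debug: static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): Allowing any password
Mar 21 07:13:48 mail dovecot: auth: static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): allow_nets check failed: IP not in allowed networks
Mar 21 07:14:02 mail dovecot: auth: Debug: static(sogo,127.0.0.1,<constructedSID1>): Allowing any password
Mar 21 07:15:10 mail dovecot: auth: Debug: static(username,203.0.113.7,<constructedSID2>): Allowing any password
""".splitlines()


def classify_nopassword_requests(lines):
    """Return {(user, ip, sid): status} for every 'Allowing any password' row.

    status is 'rejected_by_allow_nets', 'local_not_rejected' or
    'REMOTE_NOT_REJECTED'. The last one is the case to investigate: a
    non-loopback client got the nopassword row and allow_nets never failed it.
    """
    seen, rejected = {}, set()
    for line in lines:
        m = ENTRY.search(line)
        if not m:
            continue
        key = (m["user"], m["ip"], m["sid"])
        if m["msg"].startswith("Allowing any password"):
            seen[key] = m["ip"]
        elif m["msg"].startswith("allow_nets check failed"):
            rejected.add(key)
    result = {}
    for key, ip in seen.items():
        if key in rejected:
            result[key] = "rejected_by_allow_nets"
            continue
        try:
            local = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            local = False  # unparsable address: treat as remote
        result[key] = "local_not_rejected" if local else "REMOTE_NOT_REJECTED"
    return result


if __name__ == "__main__":
    for (user, ip, sid), verdict in classify_nopassword_requests(SAMPLE_LOG).items():
        print(f"{verdict:24} user={user} ip={ip} session={sid}")
```

A `REMOTE_NOT_REJECTED` result only says that no allow_nets failure was logged for that request; confirm against the passdb args and the login result before drawing conclusions.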