IMAP frontend authenticating proxy with GSSAPI/Kerberos SSO

Gert van Dijk gertvdijk+dovecot at gmail.com
Thu Aug 1 17:24:06 EEST 2019


On Thu, Aug 1, 2019 at 3:42 PM Timo Sirainen <timo at sirainen.com> wrote:
>
> On 1 Aug 2019, at 12.26, Gert van Dijk via dovecot <dovecot at dovecot.org> wrote:
> >
> > passdb {
> >  args = proxy=y host=127.0.0.1 port=1143 pass=#hidden_use-P_to_show#
> ..
> > auth: Info: static(username,1.2.3.4,<9WOjSwWP8toKAAYE>): No password
> > returned (and no nopassword)
>
> I think this is why it's not using the passdb at all. Try adding password=something to the args.

Thanks for your quick reply.

    passdb {
      driver = static
      args = proxy=y host=127.0.0.1 port=1143 pass=masterpass password=something
    }

indeed does the trick:

    imap-login: Info: proxy(username): started proxying to 127.0.0.1:1143: user=<username>, method=GSSAPI, rip=1.2.3.4, lip=9.9.9.9, TLS, session=<iJvnvg6P8KEKAAYE>

Also nopassword=y instead of password=something works, which I think
is even better.

I was also able to remove the mail_location / mail_uid / mail_gid settings. :-)

Thanks a million!

(I now have a new error, listing subfolders errors in IMAP clients. Oh well...,
another thing to dive into another time.)

Gert van Dijk
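
Added example, not part of the original message or of Dovecot: a small Python check for the condition discussed in this thread, a static passdb whose args carry neither password= nor nopassword=. It also flags nopassword=y, which Dovecot's documentation describes as allowing all passwords. The sample config is constructed from the block quoted above; parse_passdbs and lint are hypothetical helper names.

```python
import re

# Constructed sample modelled on the passdb block quoted in the thread.
BROKEN = """
passdb {
  driver = static
  args = proxy=y host=127.0.0.1 port=1143 pass=masterpass
}
"""
FIXED_PASSWORD = BROKEN.replace("pass=masterpass", "pass=masterpass password=something")
FIXED_NOPASSWORD = BROKEN.replace("pass=masterpass", "pass=masterpass nopassword=y")

def parse_passdbs(conf):
    """Return one {'driver': str, 'args': {field: value}} dict per passdb block."""
    blocks = []
    for body in re.findall(r"^\s*passdb\s*\{(.*?)^\s*\}", conf, re.S | re.M):
        settings = {}
        for line in body.splitlines():
            line = line.strip()
            # Skip comment lines only; values such as pass=#hidden...# contain '#'.
            if line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
        # args is a space-separated list of field=value pairs.
        fields = dict(f.partition("=")[::2] for f in settings.get("args", "").split())
        blocks.append({"driver": settings.get("driver", ""), "args": fields})
    return blocks

def lint(conf):
    """Return (block_index, code, message) findings for static passdb blocks."""
    findings = []
    for i, db in enumerate(parse_passdbs(conf)):
        if db["driver"] != "static":
            continue
        args = db["args"]
        if "password" not in args and "nopassword" not in args:
            findings.append((i, "missing-password",
                             "neither password= nor nopassword= set; expect "
                             "'No password returned (and no nopassword)'"))
        if "nopassword" in args:
            findings.append((i, "nopassword",
                             "passdb accepts any password; enable only mechanisms "
                             "that authenticate the user themselves, e.g. GSSAPI"))
    return findings

if __name__ == "__main__":
    for name, conf in [("broken", BROKEN), ("password", FIXED_PASSWORD),
                       ("nopassword", FIXED_NOPASSWORD)]:
        print(name, lint(conf))
```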

