how to enable PowerDNS/Weakforced with Fedora and sendmail
Aki Tuomi
aki.tuomi at open-xchange.com
Thu Mar 7 09:42:46 EET 2019
wforce is the username always.
auth_policy_hash_nonce should be set to a pseudorandom value that is
shared by your server(s). Weakforced does not need it for anything.
auth_policy_server_api_header should be set to Authorization: Basic
<echo -n wforce:our_password | base64>
without the < >.
Aki
On 6.3.2019 20.42, Robert Kudyba via dovecot wrote:
> I took suggestions from https://forge.puppet.com/fraenki/wforce to set
> these in /etc/dovecot/conf.d/95-auth.conf
>
> auth_policy_server_url = http://localhost:8084/
> auth_policy_hash_nonce = our_password
> auth_policy_server_api_header = "Authorization: Basic
> hash_from_running_echo-n_base64"
> auth_policy_server_timeout_msecs = 2000
> auth_policy_hash_mech = sha256
> auth_policy_request_attributes = login=%{requested_username}
> pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
> auth_policy_reject_on_fail = no
> auth_policy_hash_truncate = 8
> auth_policy_check_before_auth = yes
> auth_policy_check_after_auth = yes
> auth_policy_report_after_auth = yes
>
> And auth_debug=yes
>
> in /usr/local/etc/wforce.conf
> webserver("0.0.0.0:8084 <http://0.0.0.0:8084>", "our_password")
> So when I run:
> curl -X POST -H "Content-Type: application/json" --data
> '{"login":"ouruser", "remote": "127.0.0.1", "pwhash":"our_password"}'
> http://127.0.0.1:8084/?command=allow -u wforce:our_passwordi
> {"msg": "", "r_attrs": {"defaultReturn": "1"}, "status": 0}
>
> What's the value of wforce and super represent? -u for user? and super
> is the password for the user?
> |curl -X GET http://127.0.0.1:8084/?command=ping -u wforce:super|
> I always get:
> {"status":"failure", "reason":"Unauthorized"}
>
> Using Squirrelmail and logging in brings up the mails but I see these
> Policy server HTTP error: 401 Unauthorized errors over and over:
>
> Mar 06 13:32:16 auth: Debug: http-client: peer 127.0.0.1:8084
> <http://127.0.0.1:8084>: Successfully connected (1 connections exist,
> 0 pending)
> Mar 06 13:32:16 auth: Debug: http-client[1]: peer 127.0.0.1:8084
> <http://127.0.0.1:8084>: Using 1 idle connections to handle 1 requests (1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20190307/9e7025eb/attachment.html>
More information about the dovecot
mailing list