Lookup master userdb used with GSSAPI causes auth-worker to report "Error: BUG: PASSL had invalid passdb ID"
Filip Matijević
filip.matijevic.pz at gmail.com
Sat Jan 25 18:36:56 EET 2020
Hello to everybody,
I'm in the process of setting up test mail server (Ubuntu 19.10 amd64
running as VM under Hyper-V) and got stuck on configuring master user
authentication. I use GSSAPI authentication in parallel with PLAIN/LOGIN
(pam backend that authenticates against my Active Directory domain) and
this works as intended. I then tried adding simple static master passdb
that simply returns nopassword='y' and k5principals=... for test and it
also works OK.
Sadly, using any other backend (I've tried lua and sql) for master passdb
instead of static in combination with GSSAPI client causes auth-worker to
report "Error: BUG: PASSL had invalid passdb ID". I took a look at the code
and my best guess is that in case of GSSAPI + sql/lua master passdb we end
up with call to auth_worker_handle_passl with id that
auth_worker_handle_passl considers invalid. Continuing with guesswork, I
imagine that since GSSAPI doesn't really need passdb in config "virtual"
passdb is generated "on the fly" in code. I even tried explicitly defining
static passdb with mechanisms set to gssapi to try to force dovecot to use
that one instead but it didn't make any difference. At the same time, below
configuration works OK when client authenticates with plain/login.
dovecot -n (some settings omitted for brevity):
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
auth_gssapi_hostname = $ALL
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_master_user_separator = *
auth_mechanisms = plain login gssapi
passdb {
args = /etc/dovecot/dovecot-sql-master.conf
driver = sql
master = yes
}
passdb {
driver = pam
}
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
Any help is appreciated, even if it requires code changes - I can set up
machine with everything needed for building/debugging the source code.
Thanks,
Filip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20200125/aaeba829/attachment.html>
More information about the dovecot
mailing list