<html><body><span class="xfm_34399062"><div><span style="font-size:0.9em;">I have added "</span><span style="font-size:16px;">auth_debug_password=yes" to "10-logging.conf" and restarted dovecot. </span>But I do not see any information about the password in the logs. Does this mean that the thunderbird does not send the password? Although it asks for the password and I enter one.</div><div>New log:</div><div><div>dovecot: master: Warning: Killed with signal 15 (by pid=19769 uid=0 code=kill)</div><div>dovecot: master: Dovecot v2.2.24 (a82c823) starting up for imap, pop3</div><div>dovecot: imap-login: Valid certificate: /C=UA/ST=Kyiv/L=Kyiv/O=Contoso Ltd: user=<>, rip=10.1.1.59, lip=10.1.1.99, TLS handshaking, session=<pOTtkSNkxNoKAQE7></div><div>dovecot: imap-login: Valid certificate: /C=UA/ST=Kyiv/O=Contoso Ltd/OU=IT/CN=sysadmin/emailAddress=sysadmin@contoso.ua: user=<>, rip=10.1.1.59, lip=10.1.1.99, TLS handshaking, session=<pOTtkSNkxNoKAQE7></div><div>dovecot: auth: passwd-file(sysadmin,10.1.1.59,<pOTtkSNkxNoKAQE7>): Password mismatch</div><div>dovecot: imap-login: Disconnected (auth failed, 1 attempts in 99 secs): user=<sysadmin>, method=EXTERNAL, rip=10.1.1.59, lip=10.1.1.99, TLS, session=<pOTtkSNkxNoKAQE7></div></div> <br/><blockquote class="xfmc1" style="border-left:1px solid rgb(204, 204, 204);margin:0px 0px 0px 0.8ex;padding-left:1ex;"><span><span></span><span bgcolor="#FFFFFF">
<p>Try adding auth_debug_password=yes</p>
<p>Aki<br/></p>
<br/><div class="xfmc2">On 01.02.2018 10:27, yuryb wrote:<br/></div>
<blockquote type="cite"><span>We have FreeBSD-server with dovecot
installed on it as IMAP-server. My user and password database is
a text file with plaintext passwords. Clients connect to
imap-server via TLS protocol and plaintext password. All works
fine. But I want to configure ability to authorize with a client
certificates. I have generated a client certificate and imported
it to email-client. Also I have configured dovecot to verify
client certificates. But email-client cannot authorize: Password
mismatch. Why dovecot reject my password in this case? Please
help!<br/><br/>
My log:
<div>
<div>dovecot: imap-login: Valid certificate:
/C=UA/ST=Kyiv/L=Kyiv/O=Contoso Ltd: user=<>,
rip=10.1.1.59, lip=10.1.1.99, TLS handshaking,
session=<fp5P5SBkhtMKAQE7></div>
<div>dovecot: imap-login: Valid certificate:
/C=UA/ST=Kyiv/O=Contoso
<a class="xfmc3" href="mailto:Ltd/OU=IT/CN=sysadmin/emailAddress=sysadmin@contoso.ua" target="_blank" rel="noreferrer noopener">Ltd/OU=IT/CN=sysadmin/emailAddress=sysadmin@contoso.ua</a>:
user=<>, rip=10.1.1.59, lip=10.1.1.99, TLS
handshaking, session=<fp5P5SBkhtMKAQE7></div>
<div>dovecot: auth:
passwd-file(sysadmin,10.1.1.59,<fp5P5SBkhtMKAQE7>):
Password mismatch</div>
<div>dovecot: imap-login: Disconnected (auth failed, 1
attempts in 6 secs): user=<sysadmin>, method=EXTERNAL,
rip=10.1.1.59, lip=10.1.1.99, TLS,
session=<fp5P5SBkhtMKAQE7></div>
<div><br/></div>
<div>My configuration:</div>
<div>
<div># 2.2.24 (a82c823): /usr/local/etc/dovecot/dovecot.conf</div>
<div># OS: FreeBSD 10.2-RELEASE-p20 amd64 ufs</div>
<div>auth_debug = yes</div>
<div>auth_mechanisms = plain login external</div>
<div>auth_ssl_require_client_cert = yes</div>
<div>auth_ssl_username_from_cert = yes</div>
<div>auth_username_format = %Ln</div>
<div>auth_verbose = yes</div>
<div>disable_plaintext_auth = no</div>
<div>lda_mailbox_autocreate = yes</div>
<div>mail_debug = yes</div>
<div>mail_gid = 999</div>
<div>mail_location = maildir:/mnt/mail/%n</div>
<div>mail_uid = 999</div>
<div>namespace inbox {</div>
<div> inbox = yes</div>
<div> location =</div>
<div> mailbox Drafts {</div>
<div> special_use = \Drafts</div>
<div> }</div>
<div> mailbox Junk {</div>
<div> special_use = \Junk</div>
<div> }</div>
<div> mailbox Sent {</div>
<div> special_use = \Sent</div>
<div> }</div>
<div> mailbox "Sent Messages" {</div>
<div> special_use = \Sent</div>
<div> }</div>
<div> mailbox Trash {</div>
<div> special_use = \Trash</div>
<div> }</div>
<div> prefix =</div>
<div>}</div>
<div>passdb {</div>
<div> args = /usr/local/etc/dovecot/users</div>
<div> driver = passwd-file</div>
<div>}</div>
<div>protocols = imap pop3</div>
<div>service auth {</div>
<div> unix_listener /var/spool/postfix/private/auth {</div>
<div> group = postfix</div>
<div> mode = 0660</div>
<div> user = postfix</div>
<div> }</div>
<div> unix_listener auth-userdb {</div>
<div> group = vmail</div>
<div> mode = 0660</div>
<div> user = vmail</div>
<div> }</div>
<div>}</div>
<div>service imap-login {</div>
<div> inet_listener imaps {</div>
<div> ssl = yes</div>
<div> }</div>
<div>}</div>
<div>ssl_ca = </etc/ssl/cacert.pem</div>
<div>ssl_cert = </etc/ssl/certs/dovecot.pem</div>
<div>ssl_dh_parameters_length = 2048</div>
<div>ssl_key = </etc/ssl/private/dovecot.pem</div>
<div>ssl_prefer_server_ciphers = yes</div>
<div>ssl_protocols = !SSLv2 !SSLv3 !TLSv1</div>
<div>ssl_require_crl = no</div>
<div>ssl_verify_client_cert = yes</div>
<div>userdb {</div>
<div> args = /usr/local/etc/dovecot/users</div>
<div> driver = passwd-file</div>
<div>}</div>
<div>verbose_ssl = yes</div>
</div>
<div><br/></div>
</div>
</span>
</blockquote>
<br/></span></span></blockquote> </span></body></html>