<html><body><span class="xfm_18901067">My configuration already contained these parameters (auth_debug=yes and auth_verbose=yes). I enter the same password both for SSL authorization and for authorization by certificate. In the first case the password was accepted; in the second case it was rejected. I have no ideas.<br/><br/><div style="font-size:0.9em;font-style:italic;"> --- Original message ---<br/> From: "Aki Tuomi" &lt;aki.tuomi@dovecot.fi&gt;<br/>  Date: 1 February 2018, 12:09:05<br/></div> <br/><blockquote class="xfmc1" style="border-left:1px solid rgb(204, 204, 204);margin:0px 0px 0px 0.8ex;padding-left:1ex;"><span><span></span><span bgcolor="#FFFFFF">
    <p>You probably need to also enable</p>
    <p>auth_debug=yes</p>
    <p>auth_verbose=yes</p>
    <p>Also, are you sure you don't just have the wrong password?<br/></p>
    <p><br/></p>
    <p>Aki<br/></p>
    <br/><div class="xfmc2">On 01.02.2018 12:08, yuryb wrote:<br/></div>
    <blockquote type="cite"><span>
        <div><span style="font-size:0.9em;">I have added "</span><span style="font-size:16px;">auth_debug_password=yes" to
            "10-logging.conf" and restarted dovecot. </span>But I do not
          see any information about the password in the logs. Does this
          mean that Thunderbird does not send the password? Although
          it asks for the password and I enter one.</div>
        <div>New log:</div>
        <div>
          <div>dovecot: master: Warning: Killed with signal 15 (by
            pid=19769 uid=0 code=kill)</div>
          <div>dovecot: master: Dovecot v2.2.24 (a82c823) starting up
            for imap, pop3</div>
          <div>dovecot: imap-login: Valid certificate:
            /C=UA/ST=Kyiv/L=Kyiv/O=Contoso Ltd: user=<>,
            rip=10.1.1.59, lip=10.1.1.99, TLS handshaking,
            session=<pOTtkSNkxNoKAQE7></div>
          <div>dovecot: imap-login: Valid certificate:
            /C=UA/ST=Kyiv/O=Contoso Ltd/OU=IT/CN=sysadmin/emailAddress=sysadmin@contoso.ua:
            user=<>, rip=10.1.1.59, lip=10.1.1.99, TLS
            handshaking, session=<pOTtkSNkxNoKAQE7></div>
          <div>dovecot: auth:
            passwd-file(sysadmin,10.1.1.59,<pOTtkSNkxNoKAQE7>):
            Password mismatch</div>
          <div>dovecot: imap-login: Disconnected (auth failed, 1
            attempts in 99 secs): user=<sysadmin>,
            method=EXTERNAL, rip=10.1.1.59, lip=10.1.1.99, TLS,
            session=<pOTtkSNkxNoKAQE7></div>
        </div>
        <br/><blockquote class="xfmc4" style="border-left:1px solid rgb(204,           204, 204);margin:0px 0px 0px 0.8ex;padding-left:1ex;"><span><span></span><span bgcolor="#FFFFFF">
              <p>Try adding auth_debug_password=yes</p>
              <p>Aki<br/></p>
              <br/><div class="xfmc5">On 01.02.2018 10:27, yuryb wrote:<br/></div>
              <blockquote type="cite"><span>We have a FreeBSD server with
                  Dovecot installed on it as an IMAP server. My user and
                  password database is a text file with plaintext
                  passwords. Clients connect to the IMAP server via the TLS
                  protocol with a plaintext password. Everything works fine. But I
                  want to configure the ability to authorize with client
                  certificates. I have generated a client certificate
                  and imported it into the email client. I have also
                  configured Dovecot to verify client certificates. But
                  the email client cannot authorize: Password mismatch. Why
                  does Dovecot reject my password in this case? Please help!<br/><br/>
                  My log:
                  <div>
                    <div>dovecot: imap-login: Valid certificate:
                      /C=UA/ST=Kyiv/L=Kyiv/O=Contoso Ltd: user=<>,
                      rip=10.1.1.59, lip=10.1.1.99, TLS handshaking,
                      session=<fp5P5SBkhtMKAQE7></div>
                    <div>dovecot: imap-login: Valid certificate:
                      /C=UA/ST=Kyiv/O=Contoso Ltd/OU=IT/CN=sysadmin/emailAddress=sysadmin@contoso.ua:
                      user=<>, rip=10.1.1.59, lip=10.1.1.99, TLS
                      handshaking, session=<fp5P5SBkhtMKAQE7></div>
                    <div>dovecot: auth:
                      passwd-file(sysadmin,10.1.1.59,<fp5P5SBkhtMKAQE7>):
                      Password mismatch</div>
                    <div>dovecot: imap-login: Disconnected (auth failed,
                      1 attempts in 6 secs): user=<sysadmin>,
                      method=EXTERNAL, rip=10.1.1.59, lip=10.1.1.99,
                      TLS, session=<fp5P5SBkhtMKAQE7></div>
                    <div><br/></div>
                    <div>My configuration:</div>
                    <div>
                      <div># 2.2.24 (a82c823):
                        /usr/local/etc/dovecot/dovecot.conf</div>
                      <div># OS: FreeBSD 10.2-RELEASE-p20 amd64  ufs</div>
                      <div>auth_debug = yes</div>
                      <div>auth_mechanisms = plain login external</div>
                      <div>auth_ssl_require_client_cert = yes</div>
                      <div>auth_ssl_username_from_cert = yes</div>
                      <div>auth_username_format = %Ln</div>
                      <div>auth_verbose = yes</div>
                      <div>disable_plaintext_auth = no</div>
                      <div>lda_mailbox_autocreate = yes</div>
                      <div>mail_debug = yes</div>
                      <div>mail_gid = 999</div>
                      <div>mail_location = maildir:/mnt/mail/%n</div>
                      <div>mail_uid = 999</div>
                      <div>namespace inbox {</div>
                      <div>  inbox = yes</div>
                      <div>  location =</div>
                      <div>  mailbox Drafts {</div>
                      <div>    special_use = \Drafts</div>
                      <div>  }</div>
                      <div>  mailbox Junk {</div>
                      <div>    special_use = \Junk</div>
                      <div>  }</div>
                      <div>  mailbox Sent {</div>
                      <div>    special_use = \Sent</div>
                      <div>  }</div>
                      <div>  mailbox "Sent Messages" {</div>
                      <div>    special_use = \Sent</div>
                      <div>  }</div>
                      <div>  mailbox Trash {</div>
                      <div>    special_use = \Trash</div>
                      <div>  }</div>
                      <div>  prefix =</div>
                      <div>}</div>
                      <div>passdb {</div>
                      <div>  args = /usr/local/etc/dovecot/users</div>
                      <div>  driver = passwd-file</div>
                      <div>}</div>
                      <div>protocols = imap pop3</div>
                      <div>service auth {</div>
                      <div>  unix_listener
                        /var/spool/postfix/private/auth {</div>
                      <div>    group = postfix</div>
                      <div>    mode = 0660</div>
                      <div>    user = postfix</div>
                      <div>  }</div>
                      <div>  unix_listener auth-userdb {</div>
                      <div>    group = vmail</div>
                      <div>    mode = 0660</div>
                      <div>    user = vmail</div>
                      <div>  }</div>
                      <div>}</div>
                      <div>service imap-login {</div>
                      <div>  inet_listener imaps {</div>
                      <div>    ssl = yes</div>
                      <div>  }</div>
                      <div>}</div>
                      <div>ssl_ca = </etc/ssl/cacert.pem</div>
                      <div>ssl_cert = </etc/ssl/certs/dovecot.pem</div>
                      <div>ssl_dh_parameters_length = 2048</div>
                      <div>ssl_key = </etc/ssl/private/dovecot.pem</div>
                      <div>ssl_prefer_server_ciphers = yes</div>
                      <div>ssl_protocols = !SSLv2 !SSLv3 !TLSv1</div>
                      <div>ssl_require_crl = no</div>
                      <div>ssl_verify_client_cert = yes</div>
                      <div>userdb {</div>
                      <div>  args = /usr/local/etc/dovecot/users</div>
                      <div>  driver = passwd-file</div>
                      <div>}</div>
                      <div>verbose_ssl = yes</div>
                    </div>
                    <div><br/></div>
                  </div>
                </span> </blockquote>
              <br/></span></span></blockquote>
      </span>
    </blockquote>
    <br/></span></span></blockquote>   </span></body></html>