<p>It would look as though the changes have now negatively affected a "normal" user from logging in.</p><p></p><p>telnet host 143</p><p>a login username password</p><p></p><p>a NO [AUTHENTICATIONFAILED] Authentication failed.</p><p></p><p>telnet host 143</p><p>1 login devteam*masteruser@example.com password</p><p></p><p>1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE QUOTA] Logged in</p><p></p><p>What do you think?</p><p></p><p>Thanks.</p>
<div id="umuse-quoted-text-marker">
<div class="gmail_quote">
<br>
On Feb 15 2018, at 3:19 pm, Travis Dolan <travis.dolan@gmail.com> wrote:
<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<p>Awesome, thanks for the advice. Using the following now works...</p><p></p><p>passdb {</p><p> driver = static</p><p> args = proxy=y password=doesnotmatter</p><p>}</p><p></p><p>Cheers.</p>
<div id="umuse-quoted-text-marker">
<div>
<br />
On Feb 15 2018, at 2:40 pm, Aki Tuomi <aki.tuomi@dovecot.fi> wrote:
<br />
<blockquote style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<p>> On 15 February 2018 at 20:22 Travis Dolan <travis.dolan@gmail.com> wrote:<br />> <br />> <br />> Hello,<br />> <br />> I have Director setup to proxy requests to backend servers. This works fine<br />> when using "standard" username/passwords.<br />> <br />> I am not try to enable the use of the Dovecot Master user through Director<br />> into the backend servers.<br />> <br />> a.) username is being sent as masteruser*username<br />> b.) request hits the proxy and authenticates, and then is passed to the<br />> backend servers and fails auth.<br />> <br />> - logs from proxy/Director point of view.<br />> <br />> auth: Info:<br />> passwd-file(masteruser,172.31.33.224,master,<z2eYD0Rl6P+sHyHg>): Master<br />> user logging in as devteam<br />> <br />> imap-login: Info: proxy(devteam): Login failed to backend.servers:143<br />> (master masteruser): [AUTHENTICATIONFAILED] Authentication failed.:<br />> user=<devteam>, method=PLAIN, rip=172.31.33.224, lip=192.168.71.20,<br />> session=<z2eYD0R<br />> l6P+sHyHg><br />> <br />> - logs from backend server point of view.<br />> <br />> imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs):<br />> user=<masterusername>, method=PLAIN, rip=192.168.71.20, lip=192.168.71.99,<br />> session=<O8QN8kNlloXAqEcU><br />> <br />> <br />> Proxy/Director Configs (hopefully this is enough)<br />> <br />> auth_master_user_separator = *<br />> passdb {<br />> driver = passwd-file<br />> args = /etc/dovecot/conf.d/master-user-password<br />> master = yes<br />> pass = yes<br />> }<br />> <br />> passdb {<br />> driver = static<br />> args = proxy=y nopassword=y<br />> }<br />> <br />> Please let me know if I can provide any further details.<br />> <br />> Thanks in advance.</p>
<p>You could consider using "master password" instead.</p>
<p>This works so that you configure proxy to use pass=some_static_password as the password forward, and you can then use static passdb in director, as in</p>
<p>passdb {<br /> driver = static<br /> args = password=some_static_password ....<br />}</p>
<p>This way you don't need to setup master user authentication.</p>
<p>Aki</p>
</blockquote>
</div>
</div>
</blockquote>
</div>
</div>