<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>wforce is the username always.</p>
    <p>auth_policy_hash_nonce should be set to a pseudorandom value that
      is shared by your server(s). Weakforced does not need it for
      anything.</p>
    <p>auth_policy_server_api_header should be set to Authorization:
      Basic <echo -n wforce:our_password | base64></p>
    <p>without the < >.<br>
    </p>
    <p>Aki<br>
    </p>
    <div class="moz-cite-prefix">On 6.3.2019 20.42, Robert Kudyba via
      dovecot wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAFHi+KQ1BUyR5706SFYuCCm9Bk0Tb2iLR7XEGCcKn=nQoBNH4w@mail.gmail.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div dir="ltr">
        <div dir="ltr">
          <div dir="ltr">
            <div dir="ltr">
              <div dir="ltr">
                <div dir="ltr">
                  <div>I took suggestions from <a
                      href="https://forge.puppet.com/fraenki/wforce"
                      moz-do-not-send="true">https://forge.puppet.com/fraenki/wforce</a>
                    to set these in /etc/dovecot/conf.d/95-auth.conf</div>
                  <div><br>
                  </div>
                  <div>auth_policy_server_url = <a
                      href="http://localhost:8084/"
                      moz-do-not-send="true">http://localhost:8084/</a></div>
                  <div>auth_policy_hash_nonce = our_password</div>
                  <div>auth_policy_server_api_header = "Authorization:
                    Basic hash_from_running_echo-n_base64"</div>
                  <div>auth_policy_server_timeout_msecs = 2000</div>
                  <div>auth_policy_hash_mech = sha256</div>
                  <div>auth_policy_request_attributes =
                    login=%{requested_username}
                    pwhash=%{hashed_password} remote=%{rip}
                    device_id=%{client_id} protocol=%s</div>
                  <div>auth_policy_reject_on_fail = no</div>
                  <div>auth_policy_hash_truncate = 8</div>
                  <div>auth_policy_check_before_auth = yes</div>
                  <div>auth_policy_check_after_auth = yes</div>
                  <div>auth_policy_report_after_auth = yes</div>
                  <div><br>
                  </div>
                  <div>And auth_debug=yes</div>
                  <div><br>
                  </div>
                  <div>in /usr/local/etc/wforce.conf</div>
                  <div>webserver("<a href="http://0.0.0.0:8084"
                      moz-do-not-send="true">0.0.0.0:8084</a>",
                    "our_password")<br>
                  </div>
                  <div>So when I run:</div>
                  <div>curl -X POST -H "Content-Type: application/json"
                    --data '{"login":"ouruser", "remote": "127.0.0.1",
                    "pwhash":"our_password"}' <a
                      href="http://127.0.0.1:8084/?command=allow"
                      moz-do-not-send="true">http://127.0.0.1:8084/?command=allow</a>
                    -u wforce:our_passwordi</div>
                  <div>{"msg": "", "r_attrs": {"defaultReturn": "1"},
                    "status": 0}<br>
                  </div>
                  <div><br>
                  </div>
                  <div>What's the value of wforce and super represent?
                    -u for user? and super is the password for the user?</div>
                  <div>
                    <pre style="box-sizing:border-box;font-family:SFMono-Regular,Consolas,"Liberation Mono",Menlo,Courier,monospace;font-size:13.6px;margin-bottom:16px;margin-top:0px;background-color:rgb(246,248,250);border-radius:3px;line-height:1.45;overflow:auto;padding:16px;color:rgb(36,41,46)"><code style="box-sizing:border-box;font-family:SFMono-Regular,Consolas,"Liberation Mono",Menlo,Courier,monospace;background:transparent;border-radius:3px;margin:0px;padding:0px;border:0px;word-break:normal;display:inline;line-height:inherit;overflow:visible">curl -X GET <a href="http://127.0.0.1:8084/?command=ping" moz-do-not-send="true">http://127.0.0.1:8084/?command=ping</a> -u wforce:super</code></pre>
                  </div>
                  <div>I always get: </div>
                  <div>{"status":"failure", "reason":"Unauthorized"}<br>
                  </div>
                  <div><br>
                  </div>
                  <div>Using Squirrelmail and logging in brings up the
                    mails but I see these Policy server HTTP error: 401
                    Unauthorized errors over and over:</div>
                  <div>
                    <div><br>
                    </div>
                    <div>Mar 06 13:32:16 auth: Debug: http-client: peer
                      <a href="http://127.0.0.1:8084"
                        moz-do-not-send="true">127.0.0.1:8084</a>:
                      Successfully connected (1 connections exist, 0
                      pending)</div>
                    <div>Mar 06 13:32:16 auth: Debug: http-client[1]:
                      peer <a href="http://127.0.0.1:8084"
                        moz-do-not-send="true">127.0.0.1:8084</a>: Using
                      1 idle connections to handle 1 requests (1 <br>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
  </body>
</html>