<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>wforce is the username always.</p>
<p>auth_policy_hash_nonce should be set to a pseudorandom value that
is shared by your server(s). Weakforced does not need it for
anything.</p>
    <p>auth_policy_server_api_header should be set to Authorization:
      Basic &lt;echo -n wforce:our_password | base64&gt;</p>
    <p>without the &lt; &gt;.<br>
    </p>
<p>Aki<br>
</p>
<div class="moz-cite-prefix">On 6.3.2019 20.42, Robert Kudyba via
dovecot wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAFHi+KQ1BUyR5706SFYuCCm9Bk0Tb2iLR7XEGCcKn=nQoBNH4w@mail.gmail.com">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div>I took suggestions from <a
href="https://forge.puppet.com/fraenki/wforce"
moz-do-not-send="true">https://forge.puppet.com/fraenki/wforce</a>
to set these in /etc/dovecot/conf.d/95-auth.conf</div>
<div><br>
</div>
<div>auth_policy_server_url = <a
href="http://localhost:8084/"
moz-do-not-send="true">http://localhost:8084/</a></div>
<div>auth_policy_hash_nonce = our_password</div>
<div>auth_policy_server_api_header = "Authorization:
Basic hash_from_running_echo-n_base64"</div>
<div>auth_policy_server_timeout_msecs = 2000</div>
<div>auth_policy_hash_mech = sha256</div>
<div>auth_policy_request_attributes =
login=%{requested_username}
pwhash=%{hashed_password} remote=%{rip}
device_id=%{client_id} protocol=%s</div>
<div>auth_policy_reject_on_fail = no</div>
<div>auth_policy_hash_truncate = 8</div>
<div>auth_policy_check_before_auth = yes</div>
<div>auth_policy_check_after_auth = yes</div>
<div>auth_policy_report_after_auth = yes</div>
<div><br>
</div>
<div>And auth_debug=yes</div>
<div><br>
</div>
<div>in /usr/local/etc/wforce.conf</div>
<div>webserver("<a href="http://0.0.0.0:8084"
moz-do-not-send="true">0.0.0.0:8084</a>",
"our_password")<br>
</div>
<div>So when I run:</div>
<div>curl -X POST -H "Content-Type: application/json"
--data '{"login":"ouruser", "remote": "127.0.0.1",
"pwhash":"our_password"}' <a
href="http://127.0.0.1:8084/?command=allow"
moz-do-not-send="true">http://127.0.0.1:8084/?command=allow</a>
-u wforce:our_passwordi</div>
<div>{"msg": "", "r_attrs": {"defaultReturn": "1"},
"status": 0}<br>
</div>
<div><br>
</div>
                  <div>What do the values wforce and super represent?
                    -u for user? And super is the password for the user?</div>
<div>
                    <pre><code>curl -X GET <a href="http://127.0.0.1:8084/?command=ping" moz-do-not-send="true">http://127.0.0.1:8084/?command=ping</a> -u wforce:super</code></pre>
</div>
<div>I always get: </div>
<div>{"status":"failure", "reason":"Unauthorized"}<br>
</div>
<div><br>
</div>
<div>Using Squirrelmail and logging in brings up the
mails but I see these Policy server HTTP error: 401
Unauthorized errors over and over:</div>
<div>
<div><br>
</div>
<div>Mar 06 13:32:16 auth: Debug: http-client: peer
<a href="http://127.0.0.1:8084"
moz-do-not-send="true">127.0.0.1:8084</a>:
Successfully connected (1 connections exist, 0
pending)</div>
<div>Mar 06 13:32:16 auth: Debug: http-client[1]:
peer <a href="http://127.0.0.1:8084"
moz-do-not-send="true">127.0.0.1:8084</a>: Using
1 idle connections to handle 1 requests (1 <br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
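    <p>The header value described in the reply above, together with a
      check for common mistakes in that value (wrong username, wrong
      password, an encoded trailing newline), as an added example that
      is not part of the original thread. The function names are
      hypothetical, <code>super</code> is a constructed sample password,
      and GNU <code>base64</code> is assumed.</p>

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of Dovecot or wforce.
# Assumes GNU coreutils base64 (supports -d).

# Print the auth_policy_server_api_header value for a wforce webserver password.
wforce_api_header() {
    # printf '%s' writes no trailing newline, like "echo -n" in the reply above.
    printf 'Authorization: Basic %s\n' \
        "$(printf '%s' "wforce:$1" | base64 | tr -d '\n')"
}

# Diagnose a configured header value against the wforce webserver password.
# Prints one line of diagnosis; returns 0 only on an exact match.
check_api_header() {
    line=$1 password=$2 nl='
'
    case $line in
        *"Authorization: Basic "*) ;;
        *) echo "missing 'Authorization: Basic ' prefix"; return 1 ;;
    esac
    token=${line##*Basic }
    token=${token%\"}            # drop the closing quote of a quoted config value
    # The sentinel "x" keeps $(...) from stripping a decoded trailing newline.
    decoded=$(printf '%s' "$token" | base64 -d 2>/dev/null && printf x) || {
        echo "token is not valid Base64"; return 1; }
    decoded=${decoded%x}
    case $decoded in
        "wforce:$password")    echo "ok"; return 0 ;;
        "wforce:$password$nl") echo "newline was encoded: use echo -n"; return 1 ;;
        wforce:*)              echo "password differs from the wforce webserver password"; return 1 ;;
        *)                     echo "username must be wforce"; return 1 ;;
    esac
}

# Constructed sample run: "super" stands in for the webserver() password.
wforce_api_header super
# The placeholder from the quoted config is not a real Base64 token.
check_api_header 'auth_policy_server_api_header = "Authorization: Basic hash_from_running_echo-n_base64"' super || true
```

    <p>Base64 is an encoding, not encryption: anyone who can read the
      Dovecot config file can recover the wforce password from this
      header.</p>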
</body>
</html>