Red Hat 8.0 stock dovecot 99.10

For a variety of reasons, I decided to cut over to dovecot this morning. I extracted all of my mailboxes from mbx purgatory back to mbox purgatory, set up dovecot and proceeded to get authentication failures. (I am using simple password-based authentication, either direct or through PAM.) I turned authentication verbosity on and got:

Aug 14 11:51:38 harvee dovecot: Dovecot starting up
Aug 14 11:51:46 harvee dovecot-auth: PAM: pam_authenticate(esj) failed: Authentication failure
Aug 14 11:51:49 harvee dovecot-auth: PAM: pam_authenticate(esj) failed: Authentication failure
Aug 14 11:51:52 harvee imap-login: Aborted login [192.168.0.10]

Not very informative. I already know that I can't login. So I fire up ethereal and capture the following transaction:

* OK dovecot ready.
1 authenticate login
1 NO Unsupported authentication mechanism.
2 login "esj" "no peeking"
2 NO Authentication failed.
3 authenticate login
3 NO Unsupported authentication mechanism.
4 login "esj" "no peeking"
4 NO Authentication failed.
5 logout
* BYE Logging out
5 OK Logout completed.

Hmm, no unsupported authentication mechanism. So that means all authentication methods work, right? ;-)

Looking a little further into the configuration, I see instructions to change auth_methods to add plain in front of digest-md5 (or is it digest_md5, both forms are present in the configuration file). No luck. Doing so gives me the following error message:

Fatal: Error in configuration file /usr/local/etc/dovecot.conf line 430: Unknown setting: methods

So, I'm not sure what to look for. It's probably something simple, but googling didn't reveal anything pertinent, although it turned up something amusing [1] and dovecot does apply. Suggestions or clues would be welcome.

FYI, you probably could use a little bit more detail in the install instructions. For example, instructing the user to create a dovecot user and group name would be useful, as would be a startup/shutdown script for init.d. I also find the SSL configuration lacking. On the other hand, I have enough scar tissue from certificates and mini-CA setups to hate them till the end of time. If I get them working better, I'll document and send it to the list.

---eric

[1] http://www.oblomovka.com/eldritch/iag/ob1-5.htm

On Thursday, Aug 14, 2003, at 19:31 Europe/Helsinki, Eric S. Johansson wrote:

> Aug 14 11:51:46 harvee dovecot-auth: PAM: pam_authenticate(esj)
> failed: Authentication failure
>
> not very informative. I already know that I can't login. So I fire
> up ethereal and capture the following transaction:

Well, that's as informative as you can get from PAM :) It means that PAM decided the password was wrong. Do you have /etc/pam.d/imap file set up correctly?

> 3 authenticate login
> 3 NO Unsupported authentication mechanism.
>
> hmm no unsupported authentication mechanism. So that means all
> authentication methods work right? ;-)

Either your client is stupid or it tries to work around stupid servers. LOGIN command should be accepted by all servers and "login" SASL mechanism is some old not-really-standard.

> looking a little further into the configuration, I see instructions to
> change auth_methods to add plain in front of digest-md5 (or is it
> digest_md5, both forms are present in the configuration file). No
> luck. Doing so gives me the following error message:
>
> Fatal: Error in configuration file /usr/local/etc/dovecot.conf line
> 430: Unknown setting: methods

Um.. You must have had at least one auth_methods line before or it wouldn't have worked.. And the default dovecot-example.conf contained only plain there.

> FYI, you probably could use a little bit more detail in the install
> instructions.

Yes, I have plans to write them .. before 1.0 :)

> For example instructing user to create a dovecot user and group name
> would be useful as would be a startup/shutdown script for init.d. I
> also find the SSL configuration lacking. On the other hand, I have
> enough scar tissue from certificates and mini-CA setups to hate them
> till the end of time. If I get them working better, I'll document and
> send it to the list.

Yea, there really should be some easier ways to manage your own CAs. I found some certificate manager written with Qt (can't remember name), but something web based could be nice too.