Attempting to set up smtpd auth for Postfix using the Dovecot
authorization unix socket.

Some info is at: http://www.postfix.org/SASL_README.html

To enable operation when Postfix is chrooted, a method from the
reference above is to locate the socket at:
/var/spool/postfix/private/auth

To do this, I have this configuration in dovecot.conf:

  # listener sockets will be created by Dovecot's master process using the
  # settings given inside the auth section
  auth default_with_listener {
    mechanisms = plain
    passdb passwd {
    }
    userdb pam {
    }
    socket listen {
      master {
        path = /var/spool/postfix/private/dovecot-auth-master
        # WARNING: Giving untrusted users access to master socket may be a
        # security risk, don't give too wide permissions to it!
        mode = 0600
        # Default user/group is the one who started dovecot-auth (root)
        user
        group
      }
      client {
        path = /var/spool/postfix/private/dovecot-auth-master
        mode = 0660
      }
    }
  }

With this configuration Dovecot writes this to the log at startup:

  dovecot: Dec 31 17:04:32 Error: child 3536 (auth) returned error 89
  dovecot: Dec 31 17:25:34 Error: Auth process died too early - shutting down
  dovecot: Dec 31 17:25:34 Error: auth(default_with_listener): Unknown userdb driver 'pam' (typo, or Dovecot was built without support for it? Check with dovecot --build-options)

Before modifying the setup for this auth function, pam authentication was
working fine.

Also, Dovecot will make /auth owned by root which Postfix
considers a 'fatal' problem. Should it be set up to run as user
Postfix?

Any help here is very appreciated

-kim

--
w8hdkim at gmail.com

I used cyrus sasl for the authentication mech when I set that up with
postfix. That worked a lot easier for me than the dovecot which I tried
as well.

--
David Willoughby
email: dlw at d1w.org
icq: 1852393

On Saturday 2005-December-31 17:17, Kim Culhan wrote:
> Attempting to setup smtpd auth for Postfix using the Dovecot
> authorization unix socket.
>
> Some info is at: http://www.postfix.org/SASL_README.html

And did you first follow the #build_dovecot instructions?

> To enable operation when Postfix is chrooted, a method from the
> reference above is to locate the socket at:
> /var/spool/postfix/private/auth

And what is in your Postfix config? I followed the instructions more or
less exactly, and it works for me.

> To do this, I have this configuration in dovecot.conf:
>
> # listener sockets will be created by Dovecot's master process using
> the # settings given inside the auth section
> auth default_with_listener {

This is what I don't understand. My socket is defined in the "auth
default" section. I'm not clear about (and found nothing at the Wiki)
the use of other auth sections. I know they are separate authentication
processes, and it says this in my dovecot.conf comments:

"You can have multiple authentication processes. With plaintext
authentication the password is checked against each process, the first
one which succeeds is used. ..."

> Also, Dovecot will make /auth owned by root which Postfix
> considers a 'fatal' problem. Should it be setup to run as user
> Postfix ?

My socket, /var/spool/postfix/private/auth, is mode 0666 and owned by
root:root. SMTP AUTH works.

Sorry, I know this is a lame reply, but I've been an advocate of this
feature, so I hope to learn more about it. :)

--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header

On Sat, 2005-12-31 at 18:17 -0500, Kim Culhan wrote:
> client {
> path = /var/spool/postfix/private/dovecot-auth-master
> mode = 0660

This isn't -master socket, so the path is a bit misleading. And either
set mode = 0666 or add a line with "user = postfix".

> dovecot: Dec 31 17:04:32 Error: child 3536 (auth) returned error 89
> dovecot: Dec 31 17:25:34 Error: Auth process died too early - shutting down
> dovecot: Dec 31 17:25:34 Error: auth(default_with_listener): Unknown
> userdb driver 'pam' (typo, or Dovecot was built without support for
> it? Check with dovecot --build-options)
>
> Before modifying the setup for this auth function, pam authentication was
> working fine.

PAM is only a "passdb", not a "userdb". So I'd think you wanted to set
passdb pam, userdb passwd (or whatever, since postfix doesn't use it at
all).
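
The changes suggested in the last reply, put together as an added example (not part of the original thread and not the posters' own configuration). It assumes the Dovecot 1.0-style syntax used in the thread, the "auth default" section name and socket path mentioned by the posters, a `postfix` group (an assumption about the system), and the standard Postfix `smtpd_sasl_*` parameters from SASL_README; the master socket is left out on the assumption that only Postfix needs to connect.

```conf
# dovecot.conf
auth default {
  mechanisms = plain

  # PAM can only verify passwords, so it belongs in passdb
  passdb pam {
  }
  # userdb needs a driver that can look up users; Postfix ignores the result
  userdb passwd {
  }

  socket listen {
    client {
      # Client socket inside the Postfix chroot, no longer named "-master"
      path = /var/spool/postfix/private/auth
      # Owner-restricted alternative to mode = 0666
      mode = 0660
      user = postfix
      # Assumption: the Postfix group on this system is "postfix"
      group = postfix
    }
  }
}

# main.cf (Postfix side; the path is relative to the queue directory,
# /var/spool/postfix in this thread)
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
```

With `user = postfix` and mode 0660, only the postfix account and its group can connect to the auth socket, whereas mode 0666 lets any local user talk to the auth process.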