Hi, Petar,
For whatever reason, I didn't see your most recent reply until I checked
the web archives.
To answer your questions...
Is my dovecot running chrooted? Not that I know of. However, the option to
(apparently) decide this is confusing at best. Here is what I have entered.
# chroot login process to the login_dir. Only reason not to do this is if you
# wish to run the whole Dovecot without roots.
# http://wiki.dovecot.org/Rootless
login_chroot = yes
Now, my guts tell me that this WILL make it run chrooted. However, reading the
material at this link...
http://wiki.dovecot.org/Rootless
...says otherwise, and that setting this to 'no' would be making it run
chrooted.
For reference, this is the process line from ps -aux|grep dovecot
root 3182 0.0 1.4 256 876 ? Ss Sun08PM 10:10.06 /usr/local/sbin/dovecot
Also, something else just turned up in the process list that I'm not sure I
understand. Specifically...
root 1817 0.0 1.6 324 1056 ? S 8:53PM 0:00.19 dovecot-auth
dovecot 2191 0.0 3.0 256 1940 ? S 8:53PM 0:00.97 imap-login
root 3182 0.0 1.4 256 876 ? Ss Sun08PM 10:11.78 /usr/local/sbin/dovecot
dovecot 6333 0.0 3.0 256 1940 ? S 8:53PM 0:00.93 imap-login
dovecot 8133 0.0 3.0 256 1940 ? S 8:53PM 0:00.97 imap-login
dovecot 8397 0.0 3.0 256 1940 ? S 8:53PM 0:00.96 imap-login
dovecot 16144 0.0 3.0 256 1940 ? S 8:53PM 0:00.92 imap-login
This has me deeply confused. I'm not running IMAP, I'm not interested
in running IMAP, I don't want anything to do with IMAP. However, there's
five processes for imap-login. What gives?
On to your second question: Are /etc/pwd.db and /etc/spwd.db available? Yes,
both are listed in the directory of /etc as follows.
-rw-r--r-- 1 root wheel 40960 Jul 9 09:56 /etc/pwd.db
-rw------- 1 root wheel 40960 Jul 9 09:56 /etc/spwd.db
featherweb: {41}
How "available" this makes them (I don't know what context you
were asking in), I'm not sure. Just for giggles, I tried changing the
permissions on spwd.db so that it was world-readable. Doing so had no effect. I
still get password failure errors when I try to authenticate a pop3s connection
from the client program.
One other question: Pegasus (the mail client) has two options for secure POP
connections besides apop (which I've shelved for the moment): STLS and
direct SSL connection. I've got it set to direct SSL at the moment. Does
this sound right?
Looking forward to the next set of replies.
Thanks much.
-=-=-=-=-=-=-=-=-=-=-=-
Bruce Lane, Owner & Head Hardware Heavy,
Blue Feather Technologies -- http://www.bluefeathertech.com
kyrrin (at) bluefeathertech do/t c=o=m
"If Salvador Dali had owned a computer, would it have been equipped with
surreal ports?"
Petar Bogdanovic
2006-Jul-12 06:49 UTC
[Dovecot] passwd authentication issues (ATTN: Petar)
Bruce Lane wrote:
> Hi, Petar,

Hi!

> Is my dovecot running chrooted? Not that I know of. However, the option to
> (apparently) decide this is confusing at best. Here is what I have entered.
>
> # chroot login process to the login_dir. Only reason not to do this is if you
> # wish to run the whole Dovecot without roots.
> # http://wiki.dovecot.org/Rootless
> login_chroot = yes

Hmm, I had chroot(8) on my mind, but AFAIK, this option and chroot(8) have
both something to do with chroot(2). I don't fully understand what
`login_chroot' is actually doing. However, it's not activated in my
dovecot.conf.

$ grep login_chroot dovecot.conf.ssl
#login_chroot = yes

The wiki says, that this just makes sense if you want to _start_ dovecot as
non-root, so you better ignore my `login_chroot' and stick to the default (if
that really is the default).

> This has me deeply confused. I'm not running IMAP, I'm not interested in
> running IMAP, I don't want anything to do with IMAP. However, there's five
> processes for imap-login. What gives?

What does `protocols' from your dovecot.conf say?

> On to your second question: Are /etc/pwd.db and /etc/spwd.db available? Yes,
> both are listed in the directory of /etc as follows.
>
> How "available" this makes them (I don't know what context you were asking
> in), I'm not sure.

That question was related to chroot(8). If you chroot things and if you want
to authenticate `passwd'-users in this new chroot-ed environment.. then you
need at least pwd.db.

> One other question: Pegasus (the mail client) has two options for secure POP
> connections besides apop (which I've shelved for the moment): STLS and
> direct SSL connection. I've got it set to direct SSL at the moment. Does
> this sound right?

How about trying plain-pop3 / plain-imap? Maybe your problem has something to
do with ssl..

Kind regards,
Petar
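
Added example (not part of either message, and not Dovecot's own tooling): a shell check for the `protocols` question raised in the reply above, comparing the uncommented `protocols` value in a dovecot.conf-style file with the `*-login` processes that are actually running. The function names and the sample config are constructed for illustration, the ps lines are the ones quoted in the thread, and the mapping of imaps/pop3s to the imap-login/pop3-login processes is an assumption.

```shell
#!/bin/sh
# Added example: compare dovecot.conf `protocols` with running *-login processes.

# Print the active (uncommented) `protocols` value, or nothing if it is unset.
active_protocols() {
    sed -n 's/^[[:space:]]*protocols[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# Read ps output on stdin; print each protocol that has a <proto>-login process.
running_login_protos() {
    awk '{ for (i = 1; i <= NF; i++)
             if ($i ~ /^[a-z0-9]+-login$/) { sub(/-login$/, "", $i); print $i } }' |
        sort -u
}

# Read protocol names on stdin; print those not covered by the list in $1.
# Assumption: imaps/pop3s are handled by the imap-login/pop3-login processes,
# so a trailing "s" is stripped from configured names before comparing.
unexpected_logins() {
    while read -r proto; do
        found=no
        for p in $1; do
            if [ "${p%s}" = "$proto" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then echo "$proto"; fi
    done
}

# ps lines as quoted in the post above (wrapped line rejoined).
sample_ps() {
    cat <<'EOF'
root 1817 0.0 1.6 324 1056 ? S 8:53PM 0:00.19 dovecot-auth
dovecot 2191 0.0 3.0 256 1940 ? S 8:53PM 0:00.97 imap-login
root 3182 0.0 1.4 256 876 ? Ss Sun08PM 10:11.78 /usr/local/sbin/dovecot
dovecot 6333 0.0 3.0 256 1940 ? S 8:53PM 0:00.93 imap-login
EOF
}

# Constructed sample config: the IMAP line is commented out, POP3S is enabled.
conf=$(mktemp)
printf '#protocols = imap imaps\nprotocols = pop3s\n' > "$conf"
protos=$(active_protocols "$conf")
extra=$(sample_ps | running_login_protos | unexpected_logins "$protos")
echo "configured protocols: ${protos:-<not set in file>}"
echo "login processes not covered by config: ${extra:-none}"
rm -f "$conf"
```

On a live host, pipe real `ps ax` output into `running_login_protos` in place of `sample_ps`. A protocol reported as not covered means the running daemon is not using the value in the file that was inspected, for example because it reads a different configuration file or was started before the setting was changed.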