Cassidy B. Larson
2006-Dec-17 19:27 UTC
[Dovecot] Proxy with MasterUser + Authentication issues
Per Timo's direction, I decided to give the MasterUser a try in connecting
my proxy to my destination server.
This might allow for the use of 'secure password' for my clients that
like
to check that box by default.
A couple of problems I'm running into running RC15:
#1: My Proxy's SQL password_query line:
password_query = SELECT a.clearpasswd AS password, v.storeIP AS host,
CONCAT(v.userID,'*someuser') AS destuser, 'Y' AS nologin,
'Y' AS nodelay,
'Y' AS proxy, 'somepass' AS pass FROM iwmailsystem.virtmailbox
AS v NATURAL
JOIN authenticate.users AS a WHERE
v.userID = '%u' and v.imap_active = 1
I'm wanting to authenticate the user on the proxy before I send it off via
the MasterUser to the destination server. However, I show this in the logs:
Info: auth(default): client in: AUTH 1 PLAIN service=IMAP
lipx.y.z.a rip=a.b.c.d resp=AGJ1dGNoQGluZm93ZXN0LmNvbQBzZWNyZXQInfo:
auth-worker(default): sql(user at host.com,a.b.c.d): query: SELECT
a.clearpass
wd AS password, v.storeIP AS host, CONCAT(v.userID,'*someuser') AS
destuser, 'Y' AS nologin, 'Y' AS nodelay, 'Y' AS p
roxy, 'somepass' AS pass FROM iwmailsystem.virtmailbox AS v NATURAL JOIN
authenticate.users AS a WHERE v.userID = 'user at host.com'
and v.imap_active = 1
Error: auth(default): file auth-request.c: line 207
(auth_request_save_cache): assertion failed: (extra_fields == NULL ||
(strstr(extra_fields, "\tpass=") == NULL &&
strncmp(extra_fields, "pass=",
5) != 0))
Error: child 54122 (auth) killed with signal 6
The Wiki showed I should return a 'pass' column. However, that's
choking the
query up in auth-request.c. Could it be the "\tpass" from
auth-request.c?
If I change user at host.com's password to 'someass' and remove the
'pass'
column from the password_query, it authenticates, and proxy's over just
fine. Am I doing something wrong? I want to authenticate the user locally on
the proxy and pass off the 'master password' to the proxy, but using
'pass'
doesnt work. 'password' column does. Doesnt help me though for my
situation
:)
Problem #2:
I'm wanting to put the masteruser/pass in the database for quick retrieval
and updating.
So I setup dovecot.conf as:
passdb sql {
# Path for SQL configuration file, see doc/dovecot-sql.conf for example
args = /usr/local/etc/dovecot-sql.conf
master=yes
#pass=yes
}
passdb passwd {
}
and dovecot-sql.conf with:
password_query = SELECT '%u' AS user, 'master-password' AS
password
Trying to connect locally with a "telnet localhost 143" via:
1 login user at host.com*someuser "somepass"
Give me this in the detail log file:
Info: auth(default): client in: AUTH 1 PLAIN service=IMAP
lipa.b.c.d rip=w.x.y.z
resp=AGJ1dGNoQGluZm93ZXN0LmNvbSphZG1pbkBpbmZvd2VzdC5jb20AbWFzdGVyLXBhc3N3b3Jk
Error: auth-worker(default): BUG: PASSV had invalid passdb ID
Warning: Killed with signal 15
I am able to successfully authenticate with the master user/pass if I store
it in a passdb file.
However, I'd prefer to have it in the database for obvious reasons.
Any help to the above would be appreciated.
thanks,
Cassidy
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20061217/0b66e7a4/attachment-0001.html>
Timo Sirainen
2007-Feb-15 10:49 UTC
[Dovecot] Proxy with MasterUser + Authentication issues
On Sun, 2006-12-17 at 12:27 -0700, Cassidy B. Larson wrote:> Error: auth(default): file auth-request.c: line 207 > (auth_request_save_cache): assertion failed: (extra_fields == NULL || > (strstr(extra_fields, "\tpass=") == NULL && strncmp(extra_fields, > "pass=", 5) != 0))Finally fixed this. The assert isn't valid anymore, so it can be just removed.> Error: auth-worker(default): BUG: PASSV had invalid passdb IDDoes this still happen with rc22? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20070215/78e08b4c/attachment.bin>