Cassidy B. Larson
2006-Dec-17 19:27 UTC
[Dovecot] Proxy with MasterUser + Authentication issues
Per Timo's direction, I decided to give the MasterUser a try in connecting my proxy to my destination server. This might allow for the use of 'secure password' for my clients that like to check that box by default. A couple of problems I'm running into running RC15: #1: My Proxy's SQL password_query line: password_query = SELECT a.clearpasswd AS password, v.storeIP AS host, CONCAT(v.userID,'*someuser') AS destuser, 'Y' AS nologin, 'Y' AS nodelay, 'Y' AS proxy, 'somepass' AS pass FROM iwmailsystem.virtmailbox AS v NATURAL JOIN authenticate.users AS a WHERE v.userID = '%u' and v.imap_active = 1 I'm wanting to authenticate the user on the proxy before I send it off via the MasterUser to the destination server. However, I show this in the logs: Info: auth(default): client in: AUTH 1 PLAIN service=IMAP lipx.y.z.a rip=a.b.c.d resp=AGJ1dGNoQGluZm93ZXN0LmNvbQBzZWNyZXQInfo: auth-worker(default): sql(user at host.com,a.b.c.d): query: SELECT a.clearpass wd AS password, v.storeIP AS host, CONCAT(v.userID,'*someuser') AS destuser, 'Y' AS nologin, 'Y' AS nodelay, 'Y' AS p roxy, 'somepass' AS pass FROM iwmailsystem.virtmailbox AS v NATURAL JOIN authenticate.users AS a WHERE v.userID = 'user at host.com' and v.imap_active = 1 Error: auth(default): file auth-request.c: line 207 (auth_request_save_cache): assertion failed: (extra_fields == NULL || (strstr(extra_fields, "\tpass=") == NULL && strncmp(extra_fields, "pass=", 5) != 0)) Error: child 54122 (auth) killed with signal 6 The Wiki showed I should return a 'pass' column. However, that's choking the query up in auth-request.c. Could it be the "\tpass" from auth-request.c? If I change user at host.com's password to 'someass' and remove the 'pass' column from the password_query, it authenticates, and proxy's over just fine. Am I doing something wrong? I want to authenticate the user locally on the proxy and pass off the 'master password' to the proxy, but using 'pass' doesnt work. 'password' column does. Doesnt help me though for my situation :) Problem #2: I'm wanting to put the masteruser/pass in the database for quick retrieval and updating. So I setup dovecot.conf as: passdb sql { # Path for SQL configuration file, see doc/dovecot-sql.conf for example args = /usr/local/etc/dovecot-sql.conf master=yes #pass=yes } passdb passwd { } and dovecot-sql.conf with: password_query = SELECT '%u' AS user, 'master-password' AS password Trying to connect locally with a "telnet localhost 143" via: 1 login user at host.com*someuser "somepass" Give me this in the detail log file: Info: auth(default): client in: AUTH 1 PLAIN service=IMAP lipa.b.c.d rip=w.x.y.z resp=AGJ1dGNoQGluZm93ZXN0LmNvbSphZG1pbkBpbmZvd2VzdC5jb20AbWFzdGVyLXBhc3N3b3Jk Error: auth-worker(default): BUG: PASSV had invalid passdb ID Warning: Killed with signal 15 I am able to successfully authenticate with the master user/pass if I store it in a passdb file. However, I'd prefer to have it in the database for obvious reasons. Any help to the above would be appreciated. thanks, Cassidy -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://dovecot.org/pipermail/dovecot/attachments/20061217/0b66e7a4/attachment-0001.html>
Timo Sirainen
2007-Feb-15 10:49 UTC
[Dovecot] Proxy with MasterUser + Authentication issues
On Sun, 2006-12-17 at 12:27 -0700, Cassidy B. Larson wrote:> Error: auth(default): file auth-request.c: line 207 > (auth_request_save_cache): assertion failed: (extra_fields == NULL || > (strstr(extra_fields, "\tpass=") == NULL && strncmp(extra_fields, > "pass=", 5) != 0))Finally fixed this. The assert isn't valid anymore, so it can be just removed.> Error: auth-worker(default): BUG: PASSV had invalid passdb IDDoes this still happen with rc22? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20070215/78e08b4c/attachment.bin>