Hi,

It seems that master user login does not work with the 'pass=yes' option
as recommended and documented.

I defined a master user passdb as documented. In addition, I have a
passdb sql.

If 'pass=yes' is defined then it seems that dovecot recognizes the
master login, verifies the master password but then attempts to verify
the ***master*** password again with the ***user*** password (?) and
fails.

If 'pass=yes' is not defined then master login works OK, but if the
user does not exist I get a "* BYE Internal login failure. Refer to
server log for more information." instead of the usual "NO
Authentication failed.".

In addition, I'd like to check the SQL users before the master user,
because most logins will be done by SQL users. If I place master passdb
after passdb SQL then dovecot fails to start with "Last passdb can't
have pass=yes".

How can I use master password and "pass=yes"?

I'm using dovecot 1.0.10.

This is the configuration that fails master login:

dovecot.conf:

auth_master_user_separator=*
auth default {
  passdb passwd-file {
    args = /usr/local/etc/passwd.masterusers
    master = yes
    pass = yes
  }
  passdb sql {
    args = /usr/local/etc/dovecot-sql.conf
  }
  userdb prefetch {
  }
  userdb sql {
    args = /usr/local/etc/dovecot-sql.conf
  }
}

passwd.masterusers:

master:{SHA}aFAMsNWXTaL5dwGZWeeOhWhlTZA
(password is 'masterpass')

log file:

Feb 18 17:44:27 ha-test1 dovecot: auth(default): client in: AUTH 1 PLAIN service=IMAP secured lip=127.0.0.1 rip=127.0.0.1 resp=AHVzZXIxQGV4YW1wbGUub3JnKm1hc3RlcgBtYXN0ZXJwYXNz
Feb 18 17:44:27 ha-test1 dovecot: auth(default): passwd-file(master,127.0.0.1,master): lookup: user=master file=/usr/local/etc/passwd.masterusers
Feb 18 17:44:27 ha-test1 dovecot: auth(default): passdb(master,127.0.0.1,master): Master user logging in as user1 at example.org
Feb 18 17:44:27 ha-test1 dovecot: auth-worker(default): sql(user1 at example.org,127.0.0.1): query: SELECT username as user, password, maildir as userdb_home, concat('maildir:', maildir) as userdb_mail, 150 as userdb_uid, 12 as userdb_gid, concat('maildir:storage=', quota) AS userdb_quota FROM mailbox WHERE username = 'user1 at example.org' AND active = '1'
Feb 18 17:44:27 ha-test1 dovecot: auth-worker(default): sql(user1 at example.org,127.0.0.1): Password mismatch
***** Here 'masterpass' is compared to the **USER** password hash (?) *******************
Feb 18 17:44:27 ha-test1 dovecot: auth-worker(default): sql(user1 at example.org,127.0.0.1): PLAIN-MD5(masterpass) != '81dc9bdb52d04dc20036dbd8313ed055'
Feb 18 17:44:28 ha-test1 dovecot: auth(default): client out: FAIL 1 user=user1 at example.org

Thanks,
Ron
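
Added example (not part of the message above and not Dovecot code): a Python sketch that decodes the resp= value from the log, splits the login name on the configured auth_master_user_separator, and reports whether the submitted password matches the {SHA} master entry and the PLAIN-MD5 hash that the sql passdb logged. The function names are hypothetical; all input values are copied from the post.

```python
import base64
import hashlib

# Values copied from the post above.
AUTH_RESP = "AHVzZXIxQGV4YW1wbGUub3JnKm1hc3RlcgBtYXN0ZXJwYXNz"
SEPARATOR = "*"  # auth_master_user_separator
MASTER_ENTRY = "{SHA}aFAMsNWXTaL5dwGZWeeOhWhlTZA"
USER_MD5 = "81dc9bdb52d04dc20036dbd8313ed055"


def parse_plain(resp_b64, separator):
    """Decode a SASL PLAIN response: authzid NUL authcid NUL password."""
    parts = base64.b64decode(resp_b64).split(b"\0")
    if len(parts) != 3:
        raise ValueError("not a SASL PLAIN response")
    authzid, authcid, password = (p.decode("utf-8") for p in parts)
    # With a master separator configured, "user<sep>master" in the login
    # name means: authenticate as `master`, then log in as `user`.
    login_user, sep, master_user = authcid.partition(separator)
    return {
        "authzid": authzid,
        "login_user": login_user,
        "master_user": master_user if sep else None,
        "password": password,
    }


def matches_sha(password, entry):
    """Check a password against a {SHA} entry (base64 SHA-1, padding optional)."""
    b64 = entry[len("{SHA}"):]
    b64 += "=" * (-len(b64) % 4)  # the value in the post has no '=' padding
    return hashlib.sha1(password.encode()).digest() == base64.b64decode(b64)


def matches_plain_md5(password, hex_digest):
    """Check a password against a PLAIN-MD5 (hex MD5) hash."""
    return hashlib.md5(password.encode()).hexdigest() == hex_digest.lower()


if __name__ == "__main__":
    creds = parse_plain(AUTH_RESP, SEPARATOR)
    print(creds)
    print("master passdb ({SHA}):", matches_sha(creds["password"], MASTER_ENTRY))
    print("sql passdb (PLAIN-MD5):", matches_plain_md5(creds["password"], USER_MD5))
```
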