I've been trying to use Kerberos and PLAIN text file for authentication.
I've setup deliver in postfix master.cf and make sure correct username
are expanded but deliver is always told me "user unknown".
I can logon into mailbox using Kerberos w/o problems and can send
emails. Looks like Dovecot lookup up passwd files and not finding users
which are in Kerberos realm.
# 1.0.15: /etc/dovecot/dovecot.conf
log_path: /var/log/dovecot.log
protocols: imap
ssl_cert_file: /etc/postfix/new_chained.crt
ssl_key_file: /etc/postfix/mail.pem
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
login_greeting_capability: yes
mail_location: maildir:/var/mail/store/%u
dotlock_use_excl: yes
maildir_copy_with_hardlinks: yes
auth default:
mechanisms: PLAIN CRAM-MD5 GSSAPI
passdb:
driver: passwd-file
args: /etc/dovecot/passwd
userdb:
driver: static
args: uid=vmail gid=vmail home=/var/mail/store/%u
socket:
type: listen
client:
path: /var/spool/postfix/private/auth
mode: 432
user: postfix
group: postfix
master:
path: /var/run/dovecot/auth-master
mode: 438
user: root
group: root
plugin:
sieve: /var/mail/store/%u/sieve
On 8/14/2009, Nikolay Shopik (shopik at inblock.ru) wrote:> I've been trying to use Kerberos and PLAIN text file for > authentication. I've setup deliver in postfix master.cf and make sure > correct username are expanded but deliver is always told me "user unknown".It is best to provide full logs, instead of trying to paraphrase or interprewhat they are saying...> # 1.0.15: /etc/dovecot/dovecot.confThis is old... updating to latest stable (1.2.3) might fix your problem. -- Best regards, Charles
On Fri, 2009-08-14 at 22:06 +0400, Nikolay Shopik wrote:> I've been trying to use Kerberos and PLAIN text file for authentication. > I've setup deliver in postfix master.cf and make sure correct username > are expanded but deliver is always told me "user unknown". > I can logon into mailbox using Kerberos w/o problems and can send > emails. Looks like Dovecot lookup up passwd files and not finding users > which are in Kerberos realm. > > passdb: > driver: passwd-file > args: /etc/dovecot/passwdWhat do the usernames look like in this file? Set auth_debug=yes, what does deliver log then? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20090815/7f217fef/attachment-0002.bin>
On 16.08.2009 4:29, Timo Sirainen wrote:> On Fri, 2009-08-14 at 22:06 +0400, Nikolay Shopik wrote: >> I've been trying to use Kerberos and PLAIN text file for authentication. >> I've setup deliver in postfix master.cf and make sure correct username >> are expanded but deliver is always told me "user unknown". >> I can logon into mailbox using Kerberos w/o problems and can send >> emails. Looks like Dovecot lookup up passwd files and not finding users >> which are in Kerberos realm. >> >> passdb: >> driver: passwd-file >> args: /etc/dovecot/passwd > > What do the usernames look like in this file? Set auth_debug=yes, what > does deliver log then?Usernames are with domain - shopik at inblock.ru{PLAIN}password in file 15:34:31 Info: auth(default): client in: AUTH 1 GSSAPI service=IMAP lip=10.0.1.4 rip=1.1.107.157 15:34:31 Info: auth(default): gssapi(?,81.195.107.157): Obtaining credentials for imap at pluto 15:34:31 Info: auth(default): client out: CONT 1 15:34:31 Info: auth(default): client in: CONT<hidden> 15:34:31 Info: auth(default): gssapi(?,1.1.107.157): security context state completed. 15:34:31 Info: auth(default): client out: CONT 1 YIGCBgkqhkiG9xIBAgICAG9zMHGgAwIBBaEDAgEPomUwY6ADAgEXolwEWopE+RgkXAoy3StiEWS/b8J7060TbA+lNUzuY6tRtf3/cCPPbsnmaBbU8k2dlQ6MtNqL8XikW3tt25AK58x6yYKs6SH3ldkTlIBW36tJMplbdWgQqTSpY3ra6Q=15:34:31 Info: auth(default): client in: CONT<hidden> 15:34:31 Info: auth(default): gssapi(?,1.1.107.157): Negotiated security layer 15:34:31 Info: auth(default): client out: CONT 1 YDAGCSqGSIb3EgECAgIBEQD/////LPILd/RXG1o5TsKWu3XbHKx0vgAAAAAAAf///wE15:34:31 Info: auth(default): client in: CONT<hidden> 15:34:31 Info: auth(default): client out: OK 1 user=nshopik 15:34:31 Info: auth(default): master in: REQUEST 4 25904 1 15:34:31 Info: auth(default): master out: USER 4 nshopik uid=1001 gid=1001 home=/var/mail/store/nshopik 15:34:31 Info: imap-login: Login: user=<nshopik>, method=GSSAPI, rip=1.1.107.157, lip=10.0.1.4 15:34:31 Info: auth(default): new auth connection: pid=25910