Mark Alan
2010-Dec-04 20:45 UTC
[Dovecot] passdb pam and userdb passwd "Authentication failure" errors
While using Ubuntu 10.10 + Dovecot 1.2.12 + Postfix 2.7.1-1:
To enable virtual accounts, I am using the
following /etc/dovecot/auth.d/virtualsomename.auth file:
passdb passwd-file {
  args = /etc/dovecot/passwd
}
userdb static {
  args = uid=vmail gid=vmail home=/home/vmail/%u
}
EOT
cat /etc/dovecot/passwd looks like this:
test:{PLAIN}pass
bill:{PLAIN}secret
timo@example.com:{PLAIN}hello123
dave@example.com:{PLAIN}world234
Issuing a 'sudo dovecot -n' shows:
.../...
auth default:
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: pam
  passdb:
    driver: passwd-file
    args: /etc/dovecot/passwd
  userdb:
    driver: passwd
  userdb:
    driver: static
    args: uid=vmail gid=vmail home=/home/vmail/%u
.../...
and while trying to connect to Dovecot as dave@example.com the log
shows:
2010-12-04 18:15:58 auth(default): Info: new auth connection: pid=15334
2010-12-04 18:15:58 auth(default): Info: client in: AUTH 1 PLAIN service=smtp nologin lip=127.0.1.1 rip=127.0.1.1 resp=AGRhdmVAZXhhbXBsZS5jb20Ad29ybGQyMzQ=
2010-12-04 18:15:58 auth-worker(default): Info: pam(dave@example.com,127.0.1.1): lookup service=dovecot
2010-12-04 18:15:58 auth-worker(default): Info: pam(dave@example.com,127.0.1.1): #1/1 style=1 msg=Password:
2010-12-04 18:16:00 auth-worker(default): Info: pam(dave@example.com,127.0.1.1): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: world234)
2010-12-04 18:16:00 auth(default): Info: passwd-file(dave@example.com,127.0.1.1): lookup: user=dave@example.com file=/etc/dovecot/passwd
2010-12-04 18:16:00 auth(default): Info: client out: OK 1 user=dave@example.com
I have 2 questions:
QUESTION 1: To avoid those Authentication failure errors should I
also comment out the passdb pam {...} and userdb passwd {...} blocks
in the main /etc/dovecot/dovecot.conf?
I was thinking in something like:
sudo sed -i '/passdb pam {/,/}/s/^/#/' /etc/dovecot/dovecot.conf
sudo sed -i '/userdb passwd {/,/}/s/^/#/' /etc/dovecot/dovecot.conf
QUESTION 2: the final email arrives with an email header that
includes:
Received: from desk.example.com (unknown [127.0.1.1])
    (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
    (No client certificate requested)
    by mail.example.com (Postfix) with ESMTPSA id F24707FE6D
    for <example@example.com>; Sat, 4 Dec 2010 18:16:00 +0000 (WET)
Does this mean that I have SSL/TLS properly configured? The "No client
certificate requested" is supposed to be there?
Thank you.
M.
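Added example (not part of the original post and not Dovecot's own code): with debug_passwords enabled, the auth log above carries the password twice, once in clear in the "given password" note and once base64-encoded in the SASL PLAIN resp= field. The Python below masks both before such a log is shared; the function names are hypothetical and the sample lines are constructed in the log format quoted above.

```python
import base64
import binascii
import re

# Constructed sample: three lines in the auth log format quoted in the post.
SAMPLE_LOG = """\
2010-12-04 18:15:58 auth(default): Info: client in: AUTH 1 PLAIN service=smtp nologin lip=127.0.1.1 rip=127.0.1.1 resp=AGRhdmVAZXhhbXBsZS5jb20Ad29ybGQyMzQ=
2010-12-04 18:16:00 auth-worker(default): Info: pam(dave@example.com,127.0.1.1): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: world234)
2010-12-04 18:16:00 auth(default): Info: client out: OK 1 user=dave@example.com
"""

RESP_RE = re.compile(r"\bresp=([A-Za-z0-9+/]+=*)")
# Greedy on purpose: the password itself may contain ")".
GIVEN_RE = re.compile(r"\(given password: .*\)")


def decode_sasl_plain(b64):
    """Return (authzid, authcid, password) from a SASL PLAIN response, or None."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        return None
    return tuple(p.decode("utf-8", "replace") for p in parts)


def redact_auth_log(text):
    """Mask credentials; return (redacted_text, [(line_no, kind, user), ...])."""
    out, findings = [], []
    for no, line in enumerate(text.splitlines(), 1):
        m = RESP_RE.search(line)
        if m:
            creds = decode_sasl_plain(m.group(1))
            findings.append((no, "sasl-plain-resp", creds[1] if creds else "?"))
            line = line[:m.start(1)] + "<redacted>" + line[m.end(1):]
        if GIVEN_RE.search(line):
            findings.append((no, "given-password", None))
            line = GIVEN_RE.sub("(given password: <redacted>)", line)
        out.append(line)
    return "\n".join(out) + "\n", findings


if __name__ == "__main__":
    redacted, hits = redact_auth_log(SAMPLE_LOG)
    print(redacted, hits, sep="\n")
```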
Andreas Ntaflos
2010-Dec-04 21:51 UTC
[Dovecot] passdb pam and userdb passwd "Authentication failure" errors
On Saturday 04 December 2010 21:45:34 Mark Alan wrote:
> QUESTION 2: the final email arrives with an email header that
> includes:
> Received: from desk.example.com (unknown [127.0.1.1])
>     (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
>     (No client certificate requested)
>     by mail.example.com (Postfix) with ESMTPSA id F24707FE6D
>     for <example@example.com>; Sat, 4 Dec 2010 18:16:00 +0000 (WET)
>
> Does this mean that I have SSL/TLS properly configured? The "No
> client certificate requested" is supposed to be there?

Can't really help you with your first question, however this second
question pertains to Postfix and not Dovecot. But yes, from the looks
of this header it seems TLS is configured correctly, and yes, "no
client certificate requested" should be here. Unless of course you
think you have Postfix configured to require client certificate
verification.

I advise you to have a look at the Postfix TLS documentation at
<http://www.postfix.org/TLS_README.html>.

HTH

Andreas
Mark Alan
2010-Dec-05 10:40 UTC
[Dovecot] passdb pam and userdb passwd "Authentication failure" errors
On Sat, 4 Dec 2010 22:51:06 +0100, Andreas Ntaflos <daff at dword.org> wrote:
> Can't really help you with your first question, however this second
> question pertains to Postfix and not Dovecot. But yes, from the looks
> of this header it seems TLS is configured correctly, and yes, "no
> client certificate requested" should be here.

Thank you.

M.
Timo Sirainen
2010-Dec-07 23:41 UTC
[Dovecot] passdb pam and userdb passwd "Authentication failure" errors
On Sat, 2010-12-04 at 20:45 +0000, Mark Alan wrote:
> passdb:
>   driver: pam
> passdb:
>   driver: passwd-file
>   args: /etc/dovecot/passwd
> userdb:
>   driver: passwd
> userdb:
>   driver: static
>   args: uid=vmail gid=vmail home=/home/vmail/%u
> .../...
>
> QUESTION 1: To avoid those Authentication failure errors should I
> also comment out the passdb pam {...} and userdb passwd {...} blocks
> in the main /etc/dovecot/dovecot.conf?

Yes.

> I was thinking in something like:
> sudo sed -i '/passdb pam {/,/}/s/^/#/' /etc/dovecot/dovecot.conf
> sudo sed -i '/userdb passwd {/,/}/s/^/#/' /etc/dovecot/dovecot.conf

No idea if that works.

> QUESTION 2: the final email arrives with an email header that
> includes:
> Received: from desk.example.com (unknown [127.0.1.1])
>     (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
>     (No client certificate requested)
>     by mail.example.com (Postfix) with ESMTPSA id F24707FE6D
>     for <example@example.com>; Sat, 4 Dec 2010 18:16:00 +0000 (WET)
>
> Does this mean that I have SSL/TLS properly configured? The "No client
> certificate requested" is supposed to be there?

Not a Dovecot question, so I don't know. But my guess is that it means
client connected using TLS, but server didn't require a client to send
a client-side certificate. Very few people use client certs, so I don't
know why that would be explicitly mentioned there.