Jouko Nikula
2013-Nov-25 02:36 UTC
[Dovecot] Checkpassword interface for custom password check and home mounting
Hi,
I'm trying to use the checkpassword interface to do a password check and if
the check succeeds I mount the user home directory (including mail) using
the users login password and uid.
My password check seems to work, but when I add the home directory mounting
things seem to stop. Dovecot never logs the result of the password check
and nothing happens until the client gets bored and tries again. I added
trace to the dovecot's checkpassword-reply and I see that it's really
executed, it writes the reply and returns 0 for successful authentication.
My dovecot version is 2.1.7. My checkpassword is a setuid binary and the
mount is a self made fuse-fs.
Any ideas what happens? Are there better ways to do this?
Thanks,
- Jouko
Jouko Nikula
2013-Nov-25 03:50 UTC
[Dovecot] Checkpassword interface for custom password check and home mounting
Hi,
I'm trying to use the checkpassword interface to do a password check
and if the check succeeds I mount the user home directory (including
mail) using the users login password and uid.
Things work well if I do the mount manually, but when I add the home
directory mounting to checkpassword things seem to stop. Dovecot logs
the result of the password check, but doesn't send the result to
client.
Here's the log:
Nov 25 10:32:05 jlaptop dovecot: auth: Debug: Loading modules from
directory: /usr/lib/dovecot/modules/auth
Nov 25 10:32:05 jlaptop dovecot: auth: Debug: auth client connected (pid=27551)
Nov 25 10:32:05 jlaptop dovecot: auth: Debug: client in:
AUTH#0111#011PLAIN#011service=imap#011secured#011session=8HsMAvjrvgB/AAAB#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=39614
Nov 25 10:32:05 jlaptop dovecot: auth: Debug: client out: CONT#0111#011
Nov 25 10:32:05 jlaptop dovecot: auth: Debug: client in: CONT<hidden>
Nov 25 10:32:05 jlaptop dovecot: auth: Debug:
checkpassword(jouko.nikula,127.0.0.1,<8HsMAvjrvgB/AAAB>): execute:
/usr/sbin/gpgfusemount /usr/lib/dovecot/checkpassword-reply
Nov 25 10:32:05 jlaptop dovecot: auth: Debug:
checkpassword(jouko.nikula,127.0.0.1,<8HsMAvjrvgB/AAAB>):
exit_status=0
My dovecot version is 2.1.7. My checkpassword is a setuid binary and
the mount is a self made fuse-fs.
Any ideas what happens? Are there better ways to do this?
Thanks,
- Jouko
Kai Hendry
2013-Nov-25 03:57 UTC
[Dovecot] Checkpassword interface for custom password check and home mounting
On Mon, Nov 25, 2013 at 09:36:39AM +0700, Jouko Nikula wrote:> I'm trying to use the checkpassword interface to do a password check and if > the check succeeds I mount the user home directory (including mail) using > the users login password and uid.May I ask why you mount the user directory? Couldn't it just be already mounted and you simply use the PAM interface? passdb { driver = pam } userdb { driver = passwd }