Jouko Nikula
2013-Nov-25 02:36 UTC
[Dovecot] Checkpassword interface for custom password check and home mounting
Hi, I'm trying to use the checkpassword interface to do a password check and if the check succeeds I mount the user home directory (including mail) using the users login password and uid. My password check seems to work, but when I add the home directory mounting things seem to stop. Dovecot never logs the result of the password check and nothing happens until the client gets bored and tries again. I added trace to the dovecot's checkpassword-reply and I see that it's really executed, it writes the reply and returns 0 for successful authentication. My dovecot version is 2.1.7. My checkpassword is a setuid binary and the mount is a self made fuse-fs. Any ideas what happens? Are there better ways to do this? Thanks, - Jouko
Jouko Nikula
2013-Nov-25 03:50 UTC
[Dovecot] Checkpassword interface for custom password check and home mounting
Hi, I'm trying to use the checkpassword interface to do a password check and if the check succeeds I mount the user home directory (including mail) using the users login password and uid. Things work well if I do the mount manually, but when I add the home directory mounting to checkpassword things seem to stop. Dovecot logs the result of the password check, but doesn't send the result to client. Here's the log: Nov 25 10:32:05 jlaptop dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth Nov 25 10:32:05 jlaptop dovecot: auth: Debug: auth client connected (pid=27551) Nov 25 10:32:05 jlaptop dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=8HsMAvjrvgB/AAAB#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=39614 Nov 25 10:32:05 jlaptop dovecot: auth: Debug: client out: CONT#0111#011 Nov 25 10:32:05 jlaptop dovecot: auth: Debug: client in: CONT<hidden> Nov 25 10:32:05 jlaptop dovecot: auth: Debug: checkpassword(jouko.nikula,127.0.0.1,<8HsMAvjrvgB/AAAB>): execute: /usr/sbin/gpgfusemount /usr/lib/dovecot/checkpassword-reply Nov 25 10:32:05 jlaptop dovecot: auth: Debug: checkpassword(jouko.nikula,127.0.0.1,<8HsMAvjrvgB/AAAB>): exit_status=0 My dovecot version is 2.1.7. My checkpassword is a setuid binary and the mount is a self made fuse-fs. Any ideas what happens? Are there better ways to do this? Thanks, - Jouko
Kai Hendry
2013-Nov-25 03:57 UTC
[Dovecot] Checkpassword interface for custom password check and home mounting
On Mon, Nov 25, 2013 at 09:36:39AM +0700, Jouko Nikula wrote:> I'm trying to use the checkpassword interface to do a password check and if > the check succeeds I mount the user home directory (including mail) using > the users login password and uid.May I ask why you mount the user directory? Couldn't it just be already mounted and you simply use the PAM interface? passdb { driver = pam } userdb { driver = passwd }