Hi,
My SSL auth got invalid, so I updated my SSL configuration (Apache works)
This ist the log:
---
Apr 22 11:01:55 rosi dovecot: imap-login: Debug: SSL: elliptic curve
secp384r1 will be used for ECDH and ECDHE key exchanges
Apr 22 11:01:55 rosi dovecot: imap-login: Debug: SSL: elliptic curve
secp384r1 will be used for ECDH and ECDHE key exchanges
Apr 22 11:01:55 rosi dovecot: auth: Debug: auth client connected (pid=3466)
Apr 22 11:01:55 rosi dovecot: auth: Debug: client in:
AUTH#0111#011PLAIN#011service=imap#011secured#011session=a5AlFA8x3gAAAAAAAAAAAAAAAAAAAAAB#011lip=::1#011rip=::1#011lport=143#011rport=48350#011resp=<hidden>
Apr 22 11:01:55 rosi dovecot: auth-worker(3460): Debug: pam(test,::1):
lookup service=dovecot
Apr 22 11:01:55 rosi dovecot: auth-worker(3460): Debug: pam(test,::1):
#1/1 style=1 msg=Password:
Apr 22 11:01:57 rosi dovecot: auth-worker(3460): pam(test,::1):
pam_authenticate() failed: Authentication failure (password mismatch?)
Apr 22 11:01:59 rosi dovecot: auth: Debug: client passdb out:
FAIL#0111#011user=test
Apr 22 11:01:59 rosi dovecot: imap-login: Aborted login (auth failed, 1
attempts in 4 secs): user=<test>, method=PLAIN, rip=::1, lip=::1,
secured, session=<a5AlFA8x3gAAAAAAAAAAAAAAAAAAAAAB>
---
A login via SSH is working, What could be the reason for the login fail?
This is my config:
---
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-85-generic x86_64 Ubuntu 14.04.4 LTS
auth_debug = yes
auth_verbose = yes
mail_location = mbox:~/mail:INBOX=/var/mail/%u
namespace {
hidden = yes
inbox = yes
list = no
location = mbox:~/mail:INBOX=/var/mail/%u
prefix = "#mbox/"
separator = /
type = private
}
passdb {
driver = pam
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
protocols = " imap pop3"
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
sl_ca = </etc/letsencrypt/live/HOST/chain.pem
ssl_cert = </etc/letsencrypt/live/HOST/cert.pem
ssl_key = </etc/letsencrypt/live/HOST/privkey.pem
userdb {
driver = passwd
}
verbose_ssl = yes
protocol imap {
mail_max_userip_connections = 400
}
---
Thanks in advance for your help!
KR,
Christof
--
---------------------------------------------------------------------
<http://www.oe8.oevsv.at>Landesverband K?rnten
Christof Bodner, OE8BCK
Bertha-von-Suttnerstra?e 6/4
9500 Villach
----------------------------------------------------------------
email: mailto:oe8bck at oevsv.at
Tel.: +43-650-7215383
---------------------------------------------------------------------
GnuPG public key: 0x7204CB8C
Fingerprint 4065 0716 9A15 E26B 2286 9F04 FD3B 74E9 7204 CB8C
---------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Raute_OeVSV.gif
Type: image/gif
Size: 12268 bytes
Desc: not available
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20160422/f8252a04/attachment-0001.gif>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 22 Apr 2016, Christof Bodner wrote:> Apr 22 11:01:55 rosi dovecot: auth: Debug: client in: > AUTH#0111#011PLAIN#011service=imap#011secured#011session=a5AlFA8x3gAAAAAAAAAAAAAAAAAAAAAB#011lip=::1#011rip=::1#011lport=143#011rport=48350#011resp=<hidden> > Apr 22 11:01:55 rosi dovecot: auth-worker(3460): Debug: pam(test,::1): > lookup service=dovecot > Apr 22 11:01:55 rosi dovecot: auth-worker(3460): Debug: pam(test,::1): > #1/1 style=1 msg=Password: > Apr 22 11:01:57 rosi dovecot: auth-worker(3460): pam(test,::1): > pam_authenticate() failed: Authentication failure (password mismatch?)it says failure, are you sure that PAM uses the same backends for Dovecot and SSH?> A login via SSH is working, What could be the reason for the login fail?- -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBVxoSrHz1H7kL/d9rAQJ54Qf8DumBO/FuQcky+kO9rln2I7mS8FNdXepU B6CRjP8JABmxIz6m48ntgPbUZVEztA9ApAfCw6iRLPaCf/NFnia3m1vQeyku49K9 jujF5beVlOsg+HFuttZ4mgTZs2cMnSJaVhzs2NHZtdCMKLzgrC0x5+rm62/VUKsy EONqpKm8h9lMXhWkFAkA+jpEocgLsdeY0TFcHeCTRirI2dsqNPQ7ifUPg6EtE3pK ccUL+doe5huZAMtc4JOSZmpGVOvmEmL4ig7Duk+9GmSptZ/7I3jHvOR1yNMaq3sb buFT5I7FHhP1Avxp6GY/+nTYhPQ+IRu7+aMBdq3vJgWaZyANv7mHLg==MsiI -----END PGP SIGNATURE-----
Hi, --- ssh -v -l test 10.0.1.117 debug1: Next authentication method: password test at 10.0.1.117's password: debug1: Authentication succeeded (password). Authenticated to 10.0.1.117 ([10.0.1.117]:22). debug1: channel 0: new [client-session] --- $ telnet localhost 143 Trying ::1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot (Ubuntu) ready. a1 LOGIN test 12345 a1 NO [ALERT] Password: --- Apr 22 20:40:11 rosi dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Apr 22 20:40:11 rosi dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Apr 22 20:40:11 rosi dovecot: auth: Debug: auth client connected (pid=11154) Apr 22 20:40:18 rosi dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=012XKBcxmgAAAAAAAAAAAAAAAAAAAAAB#011lip=::1#011rip=::1#011lport=143#011rport=48794#011resp=<hidden> Apr 22 20:40:18 rosi dovecot: auth-worker(11158): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth Apr 22 20:40:18 rosi dovecot: auth-worker(11158): Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so Apr 22 20:40:18 rosi dovecot: auth-worker(11158): Debug: pam(test,::1): lookup service=dovecot Apr 22 20:40:18 rosi dovecot: auth-worker(11158): Debug: pam(test,::1): #1/1 style=1 msg=Password: Apr 22 20:40:20 rosi dovecot: auth-worker(11158): pam(test,::1): pam_authenticate() failed: Authentication failure (password mismatch?) Apr 22 20:40:22 rosi dovecot: auth: Debug: client passdb out: FAIL#0111#011user=test#011reason=Password: --- The PAM configuration is the same: --- $ cat /etc/pam.d/login ... # Standard Un*x account and session @include common-account @include common-session @include common-password ... --- $ cat /etc/pam.d/dovecot #%PAM-1.0 @include common-auth @include common-account @include common-session @include common-password --- So I'm quite sure that PAM uses the same backends. Any other ideas? KR, Christof Am 2016-04-22 14:01, schrieb Steffen Kaiser:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Fri, 22 Apr 2016, Christof Bodner wrote: > >> Apr 22 11:01:55 rosi dovecot: auth: Debug: client in: >> AUTH#0111#011PLAIN#011service=imap#011secured#011session=a5AlFA8x3gAAAAAAAAAAAAAAAAAAAAAB#011lip=::1#011rip=::1#011lport=143#011rport=48350#011resp=<hidden> >> >> Apr 22 11:01:55 rosi dovecot: auth-worker(3460): Debug: pam(test,::1): >> lookup service=dovecot >> Apr 22 11:01:55 rosi dovecot: auth-worker(3460): Debug: pam(test,::1): >> #1/1 style=1 msg=Password: >> Apr 22 11:01:57 rosi dovecot: auth-worker(3460): pam(test,::1): >> pam_authenticate() failed: Authentication failure (password mismatch?) > > it says failure, are you sure that PAM uses the same backends for > Dovecot and SSH? > >> A login via SSH is working, What could be the reason for the login fail? > > - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQEVAwUBVxoSrHz1H7kL/d9rAQJ54Qf8DumBO/FuQcky+kO9rln2I7mS8FNdXepU > B6CRjP8JABmxIz6m48ntgPbUZVEztA9ApAfCw6iRLPaCf/NFnia3m1vQeyku49K9 > jujF5beVlOsg+HFuttZ4mgTZs2cMnSJaVhzs2NHZtdCMKLzgrC0x5+rm62/VUKsy > EONqpKm8h9lMXhWkFAkA+jpEocgLsdeY0TFcHeCTRirI2dsqNPQ7ifUPg6EtE3pK > ccUL+doe5huZAMtc4JOSZmpGVOvmEmL4ig7Duk+9GmSptZ/7I3jHvOR1yNMaq3sb > buFT5I7FHhP1Avxp6GY/+nTYhPQ+IRu7+aMBdq3vJgWaZyANv7mHLg=> =MsiI > -----END PGP SIGNATURE------- --------------------------------------------------------------------- <http://www.oe8.oevsv.at>Landesverband K?rnten Christof Bodner, OE8BCK Pestalozzistzra?e 11/6 9500 Villach ---------------------------------------------------------------- email: mailto:oe8bck at oevsv.at Tel.: +43-650-7215383 --------------------------------------------------------------------- GnuPG public key: 8A265334 Fingerprint CF71 08D2 18B8 A824 37A5 B80E 0888 37E1 8A26 5334 --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: Raute_OeVSV.gif Type: image/gif Size: 12268 bytes Desc: not available URL: <http://dovecot.org/pipermail/dovecot/attachments/20160422/6cc1c649/attachment.gif>