1. The man page I get is slightly different:

% man 5 passwd
PASSWD(5)                 FreeBSD File Formats Manual                PASSWD(5)

NAME
     passwd, master.passwd -- format of the password file

DESCRIPTION
     The passwd files are the local source of password information.  They can
     be used in conjunction with the Hesiod domains `passwd' and `uid', and
     the NIS maps `passwd.byname', `passwd.byuid', `master.passwd.byname', and
     `master.passwd.byuid', as controlled by nsswitch.conf(5).

     For consistency, none of these files should ever be modified manually.

     The master.passwd file is readable only by root, and consists of newline
     separated records, one per user, containing ten colon (`:') separated
     fields.  These fields are as follows:

     [...]

     The passwd file is generated from the master.passwd file by pwd_mkdb(8),
     has the class, change, and expire fields removed, and the password field
     replaced by a `*' character.

     [...]
     In the master.passwd file, the password field is the encrypted form of
     the password, see crypt(3).  If the password field is empty, no password
     will be required to gain access to the machine.  This is almost invari-
     ably a mistake, so authentication components such as PAM can forcibly
     disallow remote access to passwordless accounts.  Because this file con-
     tains the encrypted user passwords, it should not be readable by anyone
     without appropriate privileges.

     A password of `*' indicates that password authentication is disabled for
     that account (logins through other forms of authentication, e.g., using
     ssh(1) keys, will still work).  The field only contains encrypted pass-
     words, and `*' can never be the result of encrypting a password.

Do I need to tell dovecot to check master.passwd instead of passwd?

2. Is my (simple) passdb OK?

passdb {
  args = blocking=no
  driver = passwd
}

I guess it would be easy to try it without the "args" line.

4. Sometimes I log in as www to do web page stuff, so files are owned by www. www has a shell, and a password, and can ssh fine.

Thanks for your help!
Bob

On Sunday, February 5, 2017 2:58 AM, Christian Kivalo <ml+dovecot at valo.at> wrote:

>dovecot: auth: passwd(xxx,xxx,<40AjQMFHSLVLGJAC>): invalid password field '*'

The '*' in passwd password field stands for login disabled. See man 5 passwd or http://www.manpages.info/freebsd/passwd.5.html

>-ERR [AUTH] Authentication failed.

This is probably because the user's login is disabled.

In one of your provided log outputs you are trying to login as user 'www'. Why? The webserver user has the login normally disabled.

Hi, everyone,

Got through for the first time! In fact the trick was to switch to:

passdb {
  driver = passwd-file
  args = path-to-file-with-encrypted-passwords
}

Thanks for steering me in the right direction. Next I guess is SSL for more security.

Bob

On Sunday, February 5, 2017 8:14 AM, "drbobllc at yahoo.com" <drbobllc at yahoo.com> wrote:

Do I need to tell dovecot to check master.passwd instead of passwd?

2. Is my (simple) passdb OK?

passdb {
  args = blocking=no
  driver = passwd
}

On 5 February 2017 15:14:51 CET, drbobllc at yahoo.com wrote:

>1. The man page I get is slightly different:
>% man 5 passwd
>PASSWD(5)                 FreeBSD File Formats Manual                PASSWD(5)
>
>NAME
>     passwd, master.passwd -- format of the password file
>
>DESCRIPTION
>     The passwd files are the local source of password information.  They can
>     be used in conjunction with the Hesiod domains `passwd' and `uid', and
>     the NIS maps `passwd.byname', `passwd.byuid', `master.passwd.byname', and
>     `master.passwd.byuid', as controlled by nsswitch.conf(5).
>
>     For consistency, none of these files should ever be modified manually.
>
>     The master.passwd file is readable only by root, and consists of newline
>     separated records, one per user, containing ten colon (`:') separated
>     fields.  These fields are as follows:
>
>     [...]
>
>     The passwd file is generated from the master.passwd file by pwd_mkdb(8),
>     has the class, change, and expire fields removed, and the password field
>     replaced by a `*' character.
>
>     [...]
>     In the master.passwd file, the password field is the encrypted form of
>     the password, see crypt(3).  If the password field is empty, no password
>     will be required to gain access to the machine.  This is almost invari-
>     ably a mistake, so authentication components such as PAM can forcibly
>     disallow remote access to passwordless accounts.  Because this file con-
>     tains the encrypted user passwords, it should not be readable by anyone
>     without appropriate privileges.
>
>     A password of `*' indicates that password authentication is disabled for
>     that account (logins through other forms of authentication, e.g., using
>     ssh(1) keys, will still work).  The field only contains encrypted pass-
>     words, and `*' can never be the result of encrypting a password.
>
> Do I need to tell dovecot to check master.passwd instead of passwd?

You could try using passwd-file as passdb but I have never used anything else than pam and sql.

>2. Is my (simple) passdb OK?
>
>passdb {
>  args = blocking=no
>  driver = passwd
>}
>I guess it would be easy to try it without the "args" line.
>4. Sometimes I log in as www to do web page stuff, so files are owned
>by www. www has a shell, and a password, and can ssh fine.

What's the uid of 'www'? See http://wiki2.dovecot.org/UserIds the part about uids. It could be that the www user has a uid below 500 and therefore login is disabled with the default settings.

Christian

>Thanks for your help!
>Bob
>
>On Sunday, February 5, 2017 2:58 AM, Christian Kivalo
><ml+dovecot at valo.at> wrote:
>
>>dovecot: auth: passwd(xxx,xxx,<40AjQMFHSLVLGJAC>): invalid password field '*'
>
>The '*' in passwd password field stands for login disabled. See man 5
>passwd or http://www.manpages.info/freebsd/passwd.5.html
>
>>-ERR [AUTH] Authentication failed.
>
>This is probably because the user's login is disabled.
>
>In one of your provided log outputs you are trying to login as user
>'www'. Why? The webserver user has the login normally disabled.
>

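An added example, not part of the thread: a small Python audit of passwd(5)-style records that shows why every account in the generated passwd file looks disabled ('*') while master.passwd carries the hash, and which accounts fall below the UID floor of 500 mentioned in the reply above. The sample records, the function names and the placeholder hashes are constructed for illustration.

```python
# Added example: audit passwd(5)-style records (not code from the thread).
# Both samples are constructed; the hashes are placeholders, not real crypt(3) output.
SAMPLE_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
www:*:80:80:World Wide Web Owner:/nonexistent:/bin/sh
bob:*:1001:1001:Bob:/home/bob:/bin/sh
"""
SAMPLE_MASTER = """\
root:$6$constructedsalt$constructedhash:0:0::0:0:Charlie &:/root:/bin/csh
www:$6$constructedsalt$constructedhash:80:80::0:0:World Wide Web Owner:/nonexistent:/bin/sh
bob:$6$constructedsalt$constructedhash:1001:1001::0:0:Bob:/home/bob:/bin/sh
guest::1002:1002::0:0:Guest:/home/guest:/bin/sh
"""


def classify(field):
    """Map a password field to 'empty', 'disabled' or 'hash'."""
    if field == "":
        return "empty"      # passwd(5): no password required, almost always a mistake
    if field.startswith("*"):
        return "disabled"   # '*' can never be the result of encrypting a password
    return "hash"


def audit(text, first_valid_uid=500):
    """Return {user: (password_state, uid_allowed)} for 7- or 10-field records."""
    result = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) not in (7, 10):   # passwd has 7 fields, master.passwd has 10
            raise ValueError(f"unexpected field count {len(parts)} for {parts[0]!r}")
        result[parts[0]] = (classify(parts[1]), int(parts[2]) >= first_valid_uid)
    return result


def can_password_auth(text, first_valid_uid=500):
    """Users with a usable hash and a UID at or above the floor."""
    return sorted(user for user, (state, uid_ok) in audit(text, first_valid_uid).items()
                  if state == "hash" and uid_ok)


if __name__ == "__main__":
    for label, sample in (("passwd", SAMPLE_PASSWD), ("master.passwd", SAMPLE_MASTER)):
        print(label, audit(sample), "->", can_password_auth(sample))
```

The 'guest' record is reported as 'empty' rather than usable, which is the passwordless case the man page calls almost invariably a mistake.
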
Hi again, everyone,

Adding SSL seemed to go smoothly, I can check my email now with Thunderbird with "connection security" set to STARTTLS.

My next issue is receiving emails. Can you help me with that, too? It works to use "mail" on the command line to send email from one account to another. But email from this yahoo account never appears. How should I start to try to figure this out?

Thanks!
Bob

On Sunday, February 5, 2017 10:12 AM, "drbobllc at yahoo.com" <drbobllc at yahoo.com> wrote:

Next I guess is SSL for more security.

I appreciated the help I received here. To try to give back a little, I contributed something I learned to the wiki:

Passwd as a password database on FreeBSD

Thanks again,
Bob

On Sunday, February 5, 2017 10:12 AM, "drbobllc at yahoo.com" <drbobllc at yahoo.com> wrote:

Hi, everyone,

Got through for the first time! In fact the trick was to switch to:

passdb {
  driver = passwd-file
  args = path-to-file-with-encrypted-passwords
}

Thanks for steering me in the right direction. Next I guess is SSL for more security.

Bob

On Sunday, February 5, 2017 8:14 AM, "drbobllc at yahoo.com" <drbobllc at yahoo.com> wrote:

Do I need to tell dovecot to check master.passwd instead of passwd?

2. Is my (simple) passdb OK?

passdb {
  args = blocking=no
  driver = passwd
}