Hello,
I have Director setup to proxy requests to backend servers. This works fine
when using "standard" username/passwords.
I am not try to enable the use of the Dovecot Master user through Director
into the backend servers.
a.) username is being sent as masteruser*username
b.) request hits the proxy and authenticates, and then is passed to the
backend servers and fails auth.
- logs from proxy/Director point of view.
auth: Info:
passwd-file(masteruser,172.31.33.224,master,<z2eYD0Rl6P+sHyHg>): Master
user logging in as devteam
imap-login: Info: proxy(devteam): Login failed to backend.servers:143
(master masteruser): [AUTHENTICATIONFAILED] Authentication failed.:
user=<devteam>, method=PLAIN, rip=172.31.33.224, lip=192.168.71.20,
session=<z2eYD0R
l6P+sHyHg>
- logs from backend server point of view.
imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs):
user=<masterusername>, method=PLAIN, rip=192.168.71.20, lip=192.168.71.99,
session=<O8QN8kNlloXAqEcU>
Proxy/Director Configs (hopefully this is enough)
auth_master_user_separator = *
passdb {
driver = passwd-file
args = /etc/dovecot/conf.d/master-user-password
master = yes
pass = yes
}
passdb {
driver = static
args = proxy=y nopassword=y
}
Please let me know if I can provide any further details.
Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20180215/6142f353/attachment.html>
> On 15 February 2018 at 20:22 Travis Dolan <travis.dolan at gmail.com> wrote: > > > Hello, > > I have Director setup to proxy requests to backend servers. This works fine > when using "standard" username/passwords. > > I am not try to enable the use of the Dovecot Master user through Director > into the backend servers. > > a.) username is being sent as masteruser*username > b.) request hits the proxy and authenticates, and then is passed to the > backend servers and fails auth. > > - logs from proxy/Director point of view. > > auth: Info: > passwd-file(masteruser,172.31.33.224,master,<z2eYD0Rl6P+sHyHg>): Master > user logging in as devteam > > imap-login: Info: proxy(devteam): Login failed to backend.servers:143 > (master masteruser): [AUTHENTICATIONFAILED] Authentication failed.: > user=<devteam>, method=PLAIN, rip=172.31.33.224, lip=192.168.71.20, > session=<z2eYD0R > l6P+sHyHg> > > - logs from backend server point of view. > > imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs): > user=<masterusername>, method=PLAIN, rip=192.168.71.20, lip=192.168.71.99, > session=<O8QN8kNlloXAqEcU> > > > Proxy/Director Configs (hopefully this is enough) > > auth_master_user_separator = * > passdb { > driver = passwd-file > args = /etc/dovecot/conf.d/master-user-password > master = yes > pass = yes > } > > passdb { > driver = static > args = proxy=y nopassword=y > } > > Please let me know if I can provide any further details. > > Thanks in advance.You could consider using "master password" instead. This works so that you configure proxy to use pass=some_static_password as the password forward, and you can then use static passdb in director, as in passdb { driver = static args = password=some_static_password .... } This way you don't need to setup master user authentication. Aki
Awesome, thanks for the advice. Using the following now works...
passdb {
driver = static
args = proxy=y password=doesnotmatter
}
Cheers.
On Feb 15 2018, at 2:40 pm, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> > On 15 February 2018 at 20:22 Travis Dolan <travis.dolan at
gmail.com> wrote:
>
>
> Hello,
>
> I have Director setup to proxy requests to backend servers. This works fine
> when using "standard" username/passwords.
>
> I am not try to enable the use of the Dovecot Master user through Director
> into the backend servers.
>
> a.) username is being sent as masteruser*username
> b.) request hits the proxy and authenticates, and then is passed to the
> backend servers and fails auth.
>
> \- logs from proxy/Director point of view.
>
> auth: Info:
> passwd-file(masteruser,172.31.33.224,master,<z2eYD0Rl6P+sHyHg>):
Master
> user logging in as devteam
>
> imap-login: Info: proxy(devteam): Login failed to backend.servers:143
> (master masteruser): [AUTHENTICATIONFAILED] Authentication failed.:
> user=<devteam>, method=PLAIN, rip=172.31.33.224, lip=192.168.71.20,
> session=<z2eYD0R
> l6P+sHyHg>
>
> \- logs from backend server point of view.
>
> imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs):
> user=<masterusername>, method=PLAIN, rip=192.168.71.20,
lip=192.168.71.99,
> session=<O8QN8kNlloXAqEcU>
>
>
> Proxy/Director Configs (hopefully this is enough)
>
> auth_master_user_separator = *
> passdb {
> driver = passwd-file
> args = /etc/dovecot/conf.d/master-user-password
> master = yes
> pass = yes
> }
>
> passdb {
> driver = static
> args = proxy=y nopassword=y
> }
>
> Please let me know if I can provide any further details.
>
> Thanks in advance.
>
> You could consider using "master password" instead.
>
> This works so that you configure proxy to use pass=some_static_password as
the password forward, and you can then use static passdb in director, as in
>
> passdb {
??driver = static
??args = password=some_static_password ....
}
>
> This way you don't need to setup master user authentication.
>
> Aki
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20180215/58c5dc7b/attachment.html>