Hi Aki, I've configured in this way: vm-weakforced:~# printf 'wforce:super' | base64 d2ZvcmNlOnN1cGVy vm-weakforced:~# cat /etc/dovecot/conf.d/95-policy.conf auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = some random string auth_policy_server_api_header = "Authorization: Basic d2ZvcmNlOnN1cGVy With the same result... > WforceWebserver: HTTP Request "/" from 127.0.0.1:39752: Web Authentication failed WforceWebserver: HTTP Request "/" from 127.0.0.1:39752: Web Authentication failed WforceWebserver: HTTP Request "/" from 127.0.0.1:39752: Web Authentication failed I'm not considering some detail Regards, El 16/01/19 a las 09:26, Aki Tuomi escribi?:> Hi! > > You configure it like this: > > auth_policy_server_url = http://localhost:8084/ > auth_policy_hash_nonce = some random string > auth_policy_server_api_header = "Authorization: Basic d2ZvcmNlOkJydHpUNlRuTkZ4UUU=" > > the authorization blob is basically > > printf 'wforce:super' | base64 > > Aki > >> On 16 January 2019 at 10:06 alberto bersol <alberto at bersol.info> wrote: >> >> >> Hi, >> I'm trying to set Weakforced with Dovecot and I cannot log in policy >> server. This is the config: >> >> /root/weakforced/wforce/wforce.conf >> ----------------------------------- >> ... >> webserver("0.0.0.0:8084", "super") >> ... >> >> /etc/dovecot/conf.d/95-policy.conf >> ---------------------------------- >> auth_policy_server_url = http://localhost:8084/ >> #auth_policy_hash_nonce = wforce:super >> auth_policy_hash_nonce >> {SHA256-CRYPT}$5$Ue5UrToV.Bam02bQ$Bi9OJ62Mkgc20L2HnLVmD2OCHyXaKje6Hh7qNjnOkB9 >> >> I'm following the instructions of Dovecot's wiki: >> https://wiki.dovecot.org/Authentication/Policy >> ... >> "To generate the hash, you concatenate nonce, login name, nil byte, >> password and run it through the hash algorithm once. The hash is >> truncated when truncation is set to non-zero. The hash is truncated by >> first choosing bits from MSB to byte boundary (rounding up), then >> right-shifting the remainding bits. >> >> hash = H(nonce||user||'\x00'||password) >> bytes = round8(bits*8) >> hash = HEX(hash[0:bytes] >> (bytes-bits*8)) >> >> And I set hash with password (super) in this way: >> >> vm-weakforced:~# doveadm pw -p noncewforce\x00super -s SHA256-CRYPT >> {SHA256-CRYPT}$5$ZWIX2dnU7NJvGHgC$hYFbeCCaHYZv0yPP80GHygxQMPmI5BjMx2ttRe9zti2 >> >> >> But if I log in Dovecot Server: >> >> vm-weakforced:~# doveadm auth login usuario >> Password: >> passdb: usuario auth succeeded >> extra fields: >> ? user=usuario >> >> userdb extra fields: >> ? usuario >> ? system_groups_user=usuario >> ? uid=1000 >> ? gid=1000 >> ? home=/home/usuario >> >> Answer of Weakforced is always "...authentication failed": >> >> WforceWebserver: HTTP Request "/" from 127.0.0.1:39720: Web >> Authentication failed >> >> And Dovecot logs don't show anything else: >> ... >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: auth client >> connected (pid=967) >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: client in: >> AUTH#0111#011PLAIN#011service=doveadm#011resp=dXN1YXJpbwB1c3VhcmlvAHVzdWFyaW8>> (previous base64 data may contain sensitive data) >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: policy(usuario): >> Policy request http://localhost:8084/?command=allow >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: policy(usuario): >> Policy server request JSON: >> {"device_id":"","login":"usuario","protocol":"doveadm","pwhash":"0a00","remote":"","tls":false} >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >> queue http://localhost:8084: Set request timeout to 2019-01-15 >> 16:50:52.236 (now: 2019-01-15 16:50:50.236) >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client: peer >> 127.0.0.1:8084 (shared): Peer created >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client: peer >> 127.0.0.1:8084: Peer pool created >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer >> 127.0.0.1:8084: Peer created >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >> queue http://localhost:8084: Setting up connection to 127.0.0.1:8084 (1 >> requests pending) >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer >> 127.0.0.1:8084: Linked queue http://localhost:8084 (1 queues linked) >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >> queue http://localhost:8084: Started new connection to 127.0.0.1:8084 >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >> request [Req4: POST http://localhost:8084/?command=allow]: Submitted >> (requests left=1) >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer >> 127.0.0.1:8084: Creating 1 new connections to handle requests (already 0 >> usable, connecting to 0, closing 0) >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer >> 127.0.0.1:8084: Making new connection 1 of 1 (0 connections exist, 0 >> pending) >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn >> 127.0.0.1:8084 [2]: (127.0.0.1:8084): Connecting >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn >> 127.0.0.1:8084 [2]: (127.0.0.1:8084): Waiting for connect (fd=20) to >> finish for max 0 msecs >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn >> 127.0.0.1:8084 [2]: HTTP connection created (1 parallel connections exist) >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn >> 127.0.0.1:8084 [2]: (127.0.0.1:8084): Client connected (fd=20) >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn >> 127.0.0.1:8084 [2]: Connected >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn >> 127.0.0.1:8084 [2]: Ready for requests >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer >> 127.0.0.1:8084: Successfully connected (1 connections exist, 0 pending) >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client: peer >> 127.0.0.1:8084: Successfully connected (1 connections exist, 0 pending) >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer >> 127.0.0.1:8084: Using 1 idle connections to handle 1 requests (1 total >> connections ready) >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >> queue http://localhost:8084: Connection to peer 127.0.0.1:8084 claimed >> request [Req4: POST http://localhost:8084/?command=allow] >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn >> 127.0.0.1:8084 [2]: Claimed request [Req4: POST >> http://localhost:8084/?command=allow] >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >> request [Req4: POST http://localhost:8084/?command=allow]: Sent header >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >> request [Req4: POST http://localhost:8084/?command=allow]: Send more >> (sent 95, buffered=303) >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >> request [Req4: POST http://localhost:8084/?command=allow]: Finished >> sending payload >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer >> 127.0.0.1:8084: No more requests to service for this peer (1 connections >> exist, 0 pending) >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn >> 127.0.0.1:8084 [2]: Got 401 response for request [Req4: POST >> http://localhost:8084/?command=allow] (took 4 ms + 3 ms in queue) >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Error: policy(usuario): >> Policy server HTTP error: 401 Unauthorized >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn >> 127.0.0.1:8084 [2]: Response payload stream destroyed (0 ms after >> initial response) >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >> request [Req4: POST http://localhost:8084/?command=allow]: Finished >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >> queue http://localhost:8084: Dropping request [Req4: POST >> http://localhost:8084/?command=allow] >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >> request [Req4: POST http://localhost:8084/?command=allow]: Free >> (requests left=1) >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer >> 127.0.0.1:8084: No requests to service for this peer (1 connections >> exist, 0 pending) >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn >> 127.0.0.1:8084 [2]: No more requests queued; going idle (timeout = 10000 >> msecs) >> ... >> >> Any idea? >> >> Thank you so much >> Regards, >>
Did you miss the closing quote from api_header? Also, can you turn on auth_debug=yes? Aki> On 16 January 2019 at 12:05 alberto bersol <alberto at bersol.info> wrote: > > > Hi Aki, > > I've configured in this way: > > vm-weakforced:~# printf 'wforce:super' | base64 > d2ZvcmNlOnN1cGVy > > vm-weakforced:~# cat /etc/dovecot/conf.d/95-policy.conf > auth_policy_server_url = http://localhost:8084/ > auth_policy_hash_nonce = some random string > auth_policy_server_api_header = "Authorization: Basic d2ZvcmNlOnN1cGVy > > With the same result... > > > WforceWebserver: HTTP Request "/" from 127.0.0.1:39752: Web > Authentication failed > WforceWebserver: HTTP Request "/" from 127.0.0.1:39752: Web > Authentication failed > WforceWebserver: HTTP Request "/" from 127.0.0.1:39752: Web > Authentication failed > > I'm not considering some detail > > Regards, > > El 16/01/19 a las 09:26, Aki Tuomi escribi?: > > Hi! > > > > You configure it like this: > > > > auth_policy_server_url = http://localhost:8084/ > > auth_policy_hash_nonce = some random string > > auth_policy_server_api_header = "Authorization: Basic d2ZvcmNlOkJydHpUNlRuTkZ4UUU=" > > > > the authorization blob is basically > > > > printf 'wforce:super' | base64 > > > > Aki > > > >> On 16 January 2019 at 10:06 alberto bersol <alberto at bersol.info> wrote: > >> > >> > >> Hi, > >> I'm trying to set Weakforced with Dovecot and I cannot log in policy > >> server. This is the config: > >> > >> /root/weakforced/wforce/wforce.conf > >> ----------------------------------- > >> ... > >> webserver("0.0.0.0:8084", "super") > >> ... > >> > >> /etc/dovecot/conf.d/95-policy.conf > >> ---------------------------------- > >> auth_policy_server_url = http://localhost:8084/ > >> #auth_policy_hash_nonce = wforce:super > >> auth_policy_hash_nonce > >> {SHA256-CRYPT}$5$Ue5UrToV.Bam02bQ$Bi9OJ62Mkgc20L2HnLVmD2OCHyXaKje6Hh7qNjnOkB9 > >> > >> I'm following the instructions of Dovecot's wiki: > >> https://wiki.dovecot.org/Authentication/Policy > >> ... > >> "To generate the hash, you concatenate nonce, login name, nil byte, > >> password and run it through the hash algorithm once. The hash is > >> truncated when truncation is set to non-zero. The hash is truncated by > >> first choosing bits from MSB to byte boundary (rounding up), then > >> right-shifting the remainding bits. > >> > >> hash = H(nonce||user||'\x00'||password) > >> bytes = round8(bits*8) > >> hash = HEX(hash[0:bytes] >> (bytes-bits*8)) > >> > >> And I set hash with password (super) in this way: > >> > >> vm-weakforced:~# doveadm pw -p noncewforce\x00super -s SHA256-CRYPT > >> {SHA256-CRYPT}$5$ZWIX2dnU7NJvGHgC$hYFbeCCaHYZv0yPP80GHygxQMPmI5BjMx2ttRe9zti2 > >> > >> > >> But if I log in Dovecot Server: > >> > >> vm-weakforced:~# doveadm auth login usuario > >> Password: > >> passdb: usuario auth succeeded > >> extra fields: > >> ? user=usuario > >> > >> userdb extra fields: > >> ? usuario > >> ? system_groups_user=usuario > >> ? uid=1000 > >> ? gid=1000 > >> ? home=/home/usuario > >> > >> Answer of Weakforced is always "...authentication failed": > >> > >> WforceWebserver: HTTP Request "/" from 127.0.0.1:39720: Web > >> Authentication failed > >> > >> And Dovecot logs don't show anything else: > >> ... > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: auth client > >> connected (pid=967) > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: client in: > >> AUTH#0111#011PLAIN#011service=doveadm#011resp=dXN1YXJpbwB1c3VhcmlvAHVzdWFyaW8> >> (previous base64 data may contain sensitive data) > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: policy(usuario): > >> Policy request http://localhost:8084/?command=allow > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: policy(usuario): > >> Policy server request JSON: > >> {"device_id":"","login":"usuario","protocol":"doveadm","pwhash":"0a00","remote":"","tls":false} > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: > >> queue http://localhost:8084: Set request timeout to 2019-01-15 > >> 16:50:52.236 (now: 2019-01-15 16:50:50.236) > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client: peer > >> 127.0.0.1:8084 (shared): Peer created > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client: peer > >> 127.0.0.1:8084: Peer pool created > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer > >> 127.0.0.1:8084: Peer created > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: > >> queue http://localhost:8084: Setting up connection to 127.0.0.1:8084 (1 > >> requests pending) > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer > >> 127.0.0.1:8084: Linked queue http://localhost:8084 (1 queues linked) > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: > >> queue http://localhost:8084: Started new connection to 127.0.0.1:8084 > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: > >> request [Req4: POST http://localhost:8084/?command=allow]: Submitted > >> (requests left=1) > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer > >> 127.0.0.1:8084: Creating 1 new connections to handle requests (already 0 > >> usable, connecting to 0, closing 0) > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer > >> 127.0.0.1:8084: Making new connection 1 of 1 (0 connections exist, 0 > >> pending) > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn > >> 127.0.0.1:8084 [2]: (127.0.0.1:8084): Connecting > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn > >> 127.0.0.1:8084 [2]: (127.0.0.1:8084): Waiting for connect (fd=20) to > >> finish for max 0 msecs > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn > >> 127.0.0.1:8084 [2]: HTTP connection created (1 parallel connections exist) > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn > >> 127.0.0.1:8084 [2]: (127.0.0.1:8084): Client connected (fd=20) > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn > >> 127.0.0.1:8084 [2]: Connected > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn > >> 127.0.0.1:8084 [2]: Ready for requests > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer > >> 127.0.0.1:8084: Successfully connected (1 connections exist, 0 pending) > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client: peer > >> 127.0.0.1:8084: Successfully connected (1 connections exist, 0 pending) > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer > >> 127.0.0.1:8084: Using 1 idle connections to handle 1 requests (1 total > >> connections ready) > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: > >> queue http://localhost:8084: Connection to peer 127.0.0.1:8084 claimed > >> request [Req4: POST http://localhost:8084/?command=allow] > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn > >> 127.0.0.1:8084 [2]: Claimed request [Req4: POST > >> http://localhost:8084/?command=allow] > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: > >> request [Req4: POST http://localhost:8084/?command=allow]: Sent header > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: > >> request [Req4: POST http://localhost:8084/?command=allow]: Send more > >> (sent 95, buffered=303) > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: > >> request [Req4: POST http://localhost:8084/?command=allow]: Finished > >> sending payload > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer > >> 127.0.0.1:8084: No more requests to service for this peer (1 connections > >> exist, 0 pending) > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn > >> 127.0.0.1:8084 [2]: Got 401 response for request [Req4: POST > >> http://localhost:8084/?command=allow] (took 4 ms + 3 ms in queue) > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Error: policy(usuario): > >> Policy server HTTP error: 401 Unauthorized > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn > >> 127.0.0.1:8084 [2]: Response payload stream destroyed (0 ms after > >> initial response) > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: > >> request [Req4: POST http://localhost:8084/?command=allow]: Finished > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: > >> queue http://localhost:8084: Dropping request [Req4: POST > >> http://localhost:8084/?command=allow] > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: > >> request [Req4: POST http://localhost:8084/?command=allow]: Free > >> (requests left=1) > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer > >> 127.0.0.1:8084: No requests to service for this peer (1 connections > >> exist, 0 pending) > >> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn > >> 127.0.0.1:8084 [2]: No more requests queued; going idle (timeout = 10000 > >> msecs) > >> ... > >> > >> Any idea? > >> > >> Thank you so much > >> Regards, > >> >
Sorry, yes, I did miss the closing quote. Now, It not show auth error already, It shows an Wforced Exception: Exception in command [report] exception: Unable to convert presentation address '' But, it's no problem of Dovecot, I suppose... ;-) Thanks El 16/01/19 a las 11:11, Aki Tuomi escribi?:> Did you miss the closing quote from api_header? Also, can you turn on auth_debug=yes? > > Aki > >> On 16 January 2019 at 12:05 alberto bersol <alberto at bersol.info> wrote: >> >> >> Hi Aki, >> >> I've configured in this way: >> >> vm-weakforced:~# printf 'wforce:super' | base64 >> d2ZvcmNlOnN1cGVy >> >> vm-weakforced:~# cat /etc/dovecot/conf.d/95-policy.conf >> auth_policy_server_url = http://localhost:8084/ >> auth_policy_hash_nonce = some random string >> auth_policy_server_api_header = "Authorization: Basic d2ZvcmNlOnN1cGVy >> >> With the same result... >> >> > WforceWebserver: HTTP Request "/" from 127.0.0.1:39752: Web >> Authentication failed >> WforceWebserver: HTTP Request "/" from 127.0.0.1:39752: Web >> Authentication failed >> WforceWebserver: HTTP Request "/" from 127.0.0.1:39752: Web >> Authentication failed >> >> I'm not considering some detail >> >> Regards, >> >> El 16/01/19 a las 09:26, Aki Tuomi escribi?: >>> Hi! >>> >>> You configure it like this: >>> >>> auth_policy_server_url = http://localhost:8084/ >>> auth_policy_hash_nonce = some random string >>> auth_policy_server_api_header = "Authorization: Basic d2ZvcmNlOkJydHpUNlRuTkZ4UUU=" >>> >>> the authorization blob is basically >>> >>> printf 'wforce:super' | base64 >>> >>> Aki >>> >>>> On 16 January 2019 at 10:06 alberto bersol <alberto at bersol.info> wrote: >>>> >>>> >>>> Hi, >>>> I'm trying to set Weakforced with Dovecot and I cannot log in policy >>>> server. This is the config: >>>> >>>> /root/weakforced/wforce/wforce.conf >>>> ----------------------------------- >>>> ... >>>> webserver("0.0.0.0:8084", "super") >>>> ... >>>> >>>> /etc/dovecot/conf.d/95-policy.conf >>>> ---------------------------------- >>>> auth_policy_server_url = http://localhost:8084/ >>>> #auth_policy_hash_nonce = wforce:super >>>> auth_policy_hash_nonce >>>> {SHA256-CRYPT}$5$Ue5UrToV.Bam02bQ$Bi9OJ62Mkgc20L2HnLVmD2OCHyXaKje6Hh7qNjnOkB9 >>>> >>>> I'm following the instructions of Dovecot's wiki: >>>> https://wiki.dovecot.org/Authentication/Policy >>>> ... >>>> "To generate the hash, you concatenate nonce, login name, nil byte, >>>> password and run it through the hash algorithm once. The hash is >>>> truncated when truncation is set to non-zero. The hash is truncated by >>>> first choosing bits from MSB to byte boundary (rounding up), then >>>> right-shifting the remainding bits. >>>> >>>> hash = H(nonce||user||'\x00'||password) >>>> bytes = round8(bits*8) >>>> hash = HEX(hash[0:bytes] >> (bytes-bits*8)) >>>> >>>> And I set hash with password (super) in this way: >>>> >>>> vm-weakforced:~# doveadm pw -p noncewforce\x00super -s SHA256-CRYPT >>>> {SHA256-CRYPT}$5$ZWIX2dnU7NJvGHgC$hYFbeCCaHYZv0yPP80GHygxQMPmI5BjMx2ttRe9zti2 >>>> >>>> >>>> But if I log in Dovecot Server: >>>> >>>> vm-weakforced:~# doveadm auth login usuario >>>> Password: >>>> passdb: usuario auth succeeded >>>> extra fields: >>>> ? user=usuario >>>> >>>> userdb extra fields: >>>> ? usuario >>>> ? system_groups_user=usuario >>>> ? uid=1000 >>>> ? gid=1000 >>>> ? home=/home/usuario >>>> >>>> Answer of Weakforced is always "...authentication failed": >>>> >>>> WforceWebserver: HTTP Request "/" from 127.0.0.1:39720: Web >>>> Authentication failed >>>> >>>> And Dovecot logs don't show anything else: >>>> ... >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: auth client >>>> connected (pid=967) >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: client in: >>>> AUTH#0111#011PLAIN#011service=doveadm#011resp=dXN1YXJpbwB1c3VhcmlvAHVzdWFyaW8>>>> (previous base64 data may contain sensitive data) >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: policy(usuario): >>>> Policy request http://localhost:8084/?command=allow >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: policy(usuario): >>>> Policy server request JSON: >>>> {"device_id":"","login":"usuario","protocol":"doveadm","pwhash":"0a00","remote":"","tls":false} >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >>>> queue http://localhost:8084: Set request timeout to 2019-01-15 >>>> 16:50:52.236 (now: 2019-01-15 16:50:50.236) >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client: peer >>>> 127.0.0.1:8084 (shared): Peer created >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client: peer >>>> 127.0.0.1:8084: Peer pool created >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer >>>> 127.0.0.1:8084: Peer created >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >>>> queue http://localhost:8084: Setting up connection to 127.0.0.1:8084 (1 >>>> requests pending) >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer >>>> 127.0.0.1:8084: Linked queue http://localhost:8084 (1 queues linked) >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >>>> queue http://localhost:8084: Started new connection to 127.0.0.1:8084 >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >>>> request [Req4: POST http://localhost:8084/?command=allow]: Submitted >>>> (requests left=1) >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer >>>> 127.0.0.1:8084: Creating 1 new connections to handle requests (already 0 >>>> usable, connecting to 0, closing 0) >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer >>>> 127.0.0.1:8084: Making new connection 1 of 1 (0 connections exist, 0 >>>> pending) >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn >>>> 127.0.0.1:8084 [2]: (127.0.0.1:8084): Connecting >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn >>>> 127.0.0.1:8084 [2]: (127.0.0.1:8084): Waiting for connect (fd=20) to >>>> finish for max 0 msecs >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn >>>> 127.0.0.1:8084 [2]: HTTP connection created (1 parallel connections exist) >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn >>>> 127.0.0.1:8084 [2]: (127.0.0.1:8084): Client connected (fd=20) >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn >>>> 127.0.0.1:8084 [2]: Connected >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn >>>> 127.0.0.1:8084 [2]: Ready for requests >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer >>>> 127.0.0.1:8084: Successfully connected (1 connections exist, 0 pending) >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client: peer >>>> 127.0.0.1:8084: Successfully connected (1 connections exist, 0 pending) >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer >>>> 127.0.0.1:8084: Using 1 idle connections to handle 1 requests (1 total >>>> connections ready) >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >>>> queue http://localhost:8084: Connection to peer 127.0.0.1:8084 claimed >>>> request [Req4: POST http://localhost:8084/?command=allow] >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn >>>> 127.0.0.1:8084 [2]: Claimed request [Req4: POST >>>> http://localhost:8084/?command=allow] >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >>>> request [Req4: POST http://localhost:8084/?command=allow]: Sent header >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >>>> request [Req4: POST http://localhost:8084/?command=allow]: Send more >>>> (sent 95, buffered=303) >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >>>> request [Req4: POST http://localhost:8084/?command=allow]: Finished >>>> sending payload >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer >>>> 127.0.0.1:8084: No more requests to service for this peer (1 connections >>>> exist, 0 pending) >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn >>>> 127.0.0.1:8084 [2]: Got 401 response for request [Req4: POST >>>> http://localhost:8084/?command=allow] (took 4 ms + 3 ms in queue) >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Error: policy(usuario): >>>> Policy server HTTP error: 401 Unauthorized >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn >>>> 127.0.0.1:8084 [2]: Response payload stream destroyed (0 ms after >>>> initial response) >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >>>> request [Req4: POST http://localhost:8084/?command=allow]: Finished >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >>>> queue http://localhost:8084: Dropping request [Req4: POST >>>> http://localhost:8084/?command=allow] >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: >>>> request [Req4: POST http://localhost:8084/?command=allow]: Free >>>> (requests left=1) >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: peer >>>> 127.0.0.1:8084: No requests to service for this peer (1 connections >>>> exist, 0 pending) >>>> Jan 15 16:50:50 vm-weakforced dovecot: auth: Debug: http-client[1]: conn >>>> 127.0.0.1:8084 [2]: No more requests queued; going idle (timeout = 10000 >>>> msecs) >>>> ... >>>> >>>> Any idea? >>>> >>>> Thank you so much >>>> Regards, >>>>