Displaying 17 results from an estimated 17 matches for "auth_policy_check_after_auth".
2019 Aug 02
3
auth-policy crashing
...call (no 222) to
i_stream_unref but is after.
dovecot.conf has:
auth_policy_server_url = http://policyserver.lan/
auth_policy_server_timeout_msecs = 3000
auth_policy_hash_nonce = Ohr9phaeSeip2Pahaez2raiGohxoo5Ia
auth_policy_request_attributes = remote=%{rip}
auth_policy_check_before_auth = yes
auth_policy_check_after_auth = yes
auth_policy_report_after_auth = yes
To simplify the problem I used a dummy policy server, in nginx.conf:
location / {
default_type application/json;
return 200 "{\"status\":0,\"msg\":\"accepted\"}";
}
however no matter w...
2017 Dec 14
4
auth_policy in a non-authenticating proxy chain
Hi,
I was looking into the new Authentication Policy feature:
https://wiki2.dovecot.org/Authentication/Policy
I had kinda hoped that I would be able to enfore this in a proxy running
in front of several backends. This proxy does not authenticate. It use
"nopassword".
But I realize that the "succes" reported in the final authpolicy req.
(command=report) is not what is
2019 Mar 06
2
how to enable PowerDNS/Weakforced with Fedora and sendmail
...policy_server_timeout_msecs = 2000
auth_policy_hash_mech = sha256
auth_policy_request_attributes = login=%{requested_username}
pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
auth_policy_reject_on_fail = no
auth_policy_hash_truncate = 8
auth_policy_check_before_auth = yes
auth_policy_check_after_auth = yes
auth_policy_report_after_auth = yes
And auth_debug=yes
in /usr/local/etc/wforce.conf
webserver("0.0.0.0:8084", "our_password")
So when I run:
curl -X POST -H "Content-Type: application/json" --data
'{"login":"ouruser", "remote"...
2018 Sep 15
0
auth_policy in a non-authenticating proxy chain
...elect on a node-by-node
basis which auth-policy request should be done from that node.
To my surprise the exact same functionality then turned up in 2.2.34
with just slightly different option names:*
*
*auth_policy_check_before_auth*: Whether to do policy lookup before
authentication is started
*auth_policy_check_after_auth*: Whether to do policy lookup after
authentication is completed
*auth_policy_report_after_auth*: Whether to report authentication result?
This is great.
However... in the setup where you have a proxy in front of a backend and
the backend does all authentication, it would be nice with an option...
2019 Mar 07
0
how to enable PowerDNS/Weakforced with Fedora and sendmail
...> auth_policy_hash_mech = sha256
> auth_policy_request_attributes = login=%{requested_username}
> pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
> auth_policy_reject_on_fail = no
> auth_policy_hash_truncate = 8
> auth_policy_check_before_auth = yes
> auth_policy_check_after_auth = yes
> auth_policy_report_after_auth = yes
>
> And auth_debug=yes
>
> in /usr/local/etc/wforce.conf
> webserver("0.0.0.0:8084 <http://0.0.0.0:8084>", "our_password")
> So when I run:
> curl -X POST -H "Content-Type: application/json" --da...
2019 Aug 06
0
auth-policy crashing
...>
>
> dovecot.conf has:
>
> auth_policy_server_url = http://policyserver.lan/
> auth_policy_server_timeout_msecs = 3000
> auth_policy_hash_nonce = Ohr9phaeSeip2Pahaez2raiGohxoo5Ia
> auth_policy_request_attributes = remote=%{rip}
> auth_policy_check_before_auth = yes
> auth_policy_check_after_auth = yes
> auth_policy_report_after_auth = yes
>
>
> To simplify the problem I used a dummy policy server, in nginx.conf:
>
> ??? location / {
> ??????? default_type? application/json;
> ??????? return 200 "{\"status\":0,\"msg\":\"accepted\"}&...
2019 Mar 07
2
how to enable PowerDNS/Weakforced with Fedora and sendmail
...y_hash_mech = sha256
>> auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
>> auth_policy_reject_on_fail = no
>> auth_policy_hash_truncate = 8
>> auth_policy_check_before_auth = yes
>> auth_policy_check_after_auth = yes
>> auth_policy_report_after_auth = yes
>>
>> And auth_debug=yes
>>
>> in /usr/local/etc/wforce.conf
>> webserver("0.0.0.0:8084 <https://urldefense.proofpoint.com/v2/url?u=http-3A__0.0.0.0-3A8084&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqA...
2019 Mar 07
0
how to enable PowerDNS/Weakforced with Fedora and sendmail
...whash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
> > >
> > > auth_policy_reject_on_fail = no
> > >
> > > auth_policy_hash_truncate = 8
> > >
> > > auth_policy_check_before_auth = yes
> > >
> > > auth_policy_check_after_auth = yes
> > >
> > > auth_policy_report_after_auth = yes
> > >
> > >
> > >
> > >
> > > And auth_debug=yes
> > >
> > >
> > >
> > >
> > > in /usr/local/etc/wforce.conf
> > >...
2018 Feb 28
5
v2.2.34 released
...auth_cache_verify_password_with_worker=yes.
+ Added charset_alias plugin. See
https://wiki2.dovecot.org/Plugins/CharsetAlias
+ imap_logout_format and pop3_logout_format settings now support all of
the generic variables (e.g. %{rip}, %{session}, etc.)
+ Added auth_policy_check_before_auth, auth_policy_check_after_auth
and auth_policy_report_after_auth settings.
- v2.2.33: doveadm-server: Various fixes related to log handling.
- v2.2.33: doveadm failed when trying to access UNIX socket that didn't
require authentication.
- v2.2.33: doveadm log reopen stopped working
- v2.2.30+: IMAP stopped advertis...
2018 Feb 28
5
v2.2.34 released
...auth_cache_verify_password_with_worker=yes.
+ Added charset_alias plugin. See
https://wiki2.dovecot.org/Plugins/CharsetAlias
+ imap_logout_format and pop3_logout_format settings now support all of
the generic variables (e.g. %{rip}, %{session}, etc.)
+ Added auth_policy_check_before_auth, auth_policy_check_after_auth
and auth_policy_report_after_auth settings.
- v2.2.33: doveadm-server: Various fixes related to log handling.
- v2.2.33: doveadm failed when trying to access UNIX socket that didn't
require authentication.
- v2.2.33: doveadm log reopen stopped working
- v2.2.30+: IMAP stopped advertis...
2019 Mar 06
2
how to enable PowerDNS/Weakforced with Fedora and sendmail
We have dovecot-1:2.3.3-1.fc29.x86_64 running on Fedora 29. I'd like to
test wforce, from https://github.com/PowerDNS/weakforced.
I see instructions at the Authentication policy support page,
https://wiki2.dovecot.org/Authentication/Policy
I see the Required Minimum Configuration:
auth_policy_server_url = http://example.com:4001/
auth_policy_hash_nonce = localized_random_string
But when I
2020 Jul 03
0
Quota: How/where to set/change
...che_size = 0
| auth_cache_ttl = 1 hours
| auth_cache_verify_password_with_worker = no
| auth_debug = no
| auth_debug_passwords = no
| auth_default_realm =
| auth_failure_delay = 2 secs
| auth_gssapi_hostname =
| auth_krb5_keytab =
| auth_master_user_separator =
| auth_mechanisms = plain login
| auth_policy_check_after_auth = yes
| auth_policy_check_before_auth = yes
| auth_policy_hash_mech = sha256
| auth_policy_hash_nonce =
| auth_policy_hash_truncate = 12
| auth_policy_log_only = no
| auth_policy_reject_on_fail = no
| auth_policy_report_after_auth = yes
| auth_policy_request_attributes = login=%{requested_username...
2020 Nov 10
3
SSL alert number 42
...gative_ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_cache_verify_password_with_worker = no
auth_debug = no
auth_debug_passwords = no
auth_default_realm =
auth_failure_delay = 2 secs
auth_gssapi_hostname =
auth_krb5_keytab =
auth_master_user_separator =
auth_mechanisms = plain
auth_policy_check_after_auth = yes
auth_policy_check_before_auth = yes
auth_policy_hash_mech = sha256
auth_policy_hash_nonce =
auth_policy_hash_truncate = 12
auth_policy_reject_on_fail = no
auth_policy_report_after_auth = yes
auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip}...
2020 Aug 25
2
zlib errors after upgrading
> On 25/08/2020 14:35 Robert Nowotny <rnowotny at rotek.at> wrote:
>
>
> I get ZLIB Errors after dovecot upgrade from 2.3.10.1 to 2.3.11.3
>
>
> Aug 21 15:27:34 lxc-imap dovecot: imap(acsida)<63870><jZk...>: Error: Mailbox Sent: UID=40826: read(zlib(/home/vmail/virtualmailboxes/acsida/storage/m.2409)) failed:
2019 Mar 30
3
Trying to track down source of duplicate messages
...e_negative_ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_cache_verify_password_with_worker = no
auth_debug = no
auth_debug_passwords = no
auth_default_realm =
auth_failure_delay = 2 secs
auth_gssapi_hostname =
auth_krb5_keytab =
auth_master_user_separator =
auth_mechanisms = plain
auth_policy_check_after_auth = yes
auth_policy_check_before_auth = yes
auth_policy_hash_mech = sha256
auth_policy_hash_nonce =
auth_policy_hash_truncate = 12
auth_policy_log_only = no
auth_policy_reject_on_fail = no
auth_policy_report_after_auth = yes
auth_policy_request_attributes = login=%{requested_username}
pwhash=%{hashed...
2020 Aug 28
3
zlib errors after upgrading
...ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_cache_verify_password_with_worker = no
auth_debug = no
auth_debug_passwords = no
auth_default_realm =
auth_failure_delay = 10 secs
auth_gssapi_hostname =
auth_krb5_keytab =
auth_master_user_separator =
auth_mechanisms = plain login
auth_policy_check_after_auth = yes
auth_policy_check_before_auth = yes
auth_policy_hash_mech = sha256
auth_policy_hash_nonce =
auth_policy_hash_truncate = 12
auth_policy_log_only = no
auth_policy_reject_on_fail = no
auth_policy_report_after_auth = yes
auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashe...
2019 Sep 25
4
BUG: Mailbox renaming algorithm got into a potentially infinite loop, aborting
...s
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_cache_verify_password_with_worker = no
auth_debug = no
auth_debug_passwords = no
auth_default_realm = default.local
auth_failure_delay = 2 secs
auth_gssapi_hostname =
auth_krb5_keytab =
auth_master_user_separator =
auth_mechanisms = plain login
auth_policy_check_after_auth = yes
auth_policy_check_before_auth = yes
auth_policy_hash_mech = sha256
auth_policy_hash_nonce =
auth_policy_hash_truncate = 12
auth_policy_reject_on_fail = no
auth_policy_report_after_auth = yes
auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip}...