Displaying 16 results from an estimated 16 matches for "auth_policy_reject_on_fail".
2016 Dec 02
6
CVE-2016-8562 in dovecot
We are sorry to report that we have a bug in dovecot, which merits a
CVE. See details below. If you haven't configured any auth_policy_*
settings you are ok. This is fixed with
https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13a5a725ae
and
https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d57351fd42c67a8612fc
Important vulnerability in Dovecot
2019 Mar 06
2
how to enable PowerDNS/Weakforced with Fedora and sendmail
..._policy_server_api_header = "Authorization: Basic
hash_from_running_echo-n_base64"
auth_policy_server_timeout_msecs = 2000
auth_policy_hash_mech = sha256
auth_policy_request_attributes = login=%{requested_username}
pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
auth_policy_reject_on_fail = no
auth_policy_hash_truncate = 8
auth_policy_check_before_auth = yes
auth_policy_check_after_auth = yes
auth_policy_report_after_auth = yes
And auth_debug=yes
in /usr/local/etc/wforce.conf
webserver("0.0.0.0:8084", "our_password")
So when I run:
curl -X POST -H "Content...
2016 Dec 02
0
CVE-2016-8562 in dovecot
...y_* settings.
Hello,
could you be more verbose on how to verify if administrators are affected?
# doveconf -n | grep auth_policy_ | wc -l
0
but there /are/ default settings:
# doveconf -d | grep auth_policy_
auth_policy_hash_mech = sha256
auth_policy_hash_nonce =
auth_policy_hash_truncate = 12
auth_policy_reject_on_fail = no
auth_policy_request_attributes = login=%{orig_username} pwhash=%{hashed_password} remote=%{real_rip}
auth_policy_server_api_header =
auth_policy_server_timeout_msecs = 2000
auth_policy_server_url =
Is such setup vulnerable?
Thanks for clarification,
Andreas
2019 Mar 07
0
how to enable PowerDNS/Weakforced with Fedora and sendmail
...uot;Authorization: Basic
> hash_from_running_echo-n_base64"
> auth_policy_server_timeout_msecs = 2000
> auth_policy_hash_mech = sha256
> auth_policy_request_attributes = login=%{requested_username}
> pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
> auth_policy_reject_on_fail = no
> auth_policy_hash_truncate = 8
> auth_policy_check_before_auth = yes
> auth_policy_check_after_auth = yes
> auth_policy_report_after_auth = yes
>
> And auth_debug=yes
>
> in /usr/local/etc/wforce.conf
> webserver("0.0.0.0:8084 <http://0.0.0.0:8084>",...
2019 Mar 07
2
how to enable PowerDNS/Weakforced with Fedora and sendmail
...thorization: Basic hash_from_running_echo-n_base64"
>> auth_policy_server_timeout_msecs = 2000
>> auth_policy_hash_mech = sha256
>> auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
>> auth_policy_reject_on_fail = no
>> auth_policy_hash_truncate = 8
>> auth_policy_check_before_auth = yes
>> auth_policy_check_after_auth = yes
>> auth_policy_report_after_auth = yes
>>
>> And auth_debug=yes
>>
>> in /usr/local/etc/wforce.conf
>> webserver("0.0.0.0:8...
2019 Mar 07
0
how to enable PowerDNS/Weakforced with Fedora and sendmail
...h_policy_server_timeout_msecs = 2000
> > >
> > > auth_policy_hash_mech = sha256
> > >
> > > auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
> > >
> > > auth_policy_reject_on_fail = no
> > >
> > > auth_policy_hash_truncate = 8
> > >
> > > auth_policy_check_before_auth = yes
> > >
> > > auth_policy_check_after_auth = yes
> > >
> > > auth_policy_report_after_auth = yes
> > >
> > &g...
2019 Mar 06
2
how to enable PowerDNS/Weakforced with Fedora and sendmail
We have dovecot-1:2.3.3-1.fc29.x86_64 running on Fedora 29. I'd like to
test wforce, from https://github.com/PowerDNS/weakforced.
I see instructions at the Authentication policy support page,
https://wiki2.dovecot.org/Authentication/Policy
I see the Required Minimum Configuration:
auth_policy_server_url = http://example.com:4001/
auth_policy_hash_nonce = localized_random_string
But when I
2020 Sep 07
2
Btrfs RAID-10 performance
...M
auth_cache_ttl = 30 secs
auth_debug = no
auth_debug_passwords = no
auth_default_realm =
auth_failure_delay = 2 secs
auth_gssapi_hostname =
auth_krb5_keytab =
auth_master_user_separator =
auth_mechanisms = plain
auth_policy_hash_mech = sha256
auth_policy_hash_nonce =
auth_policy_hash_truncate = 12
auth_policy_reject_on_fail = no
auth_policy_request_attributes = login=%{orig_username}
pwhash=%{hashed_password} remote=%{real_rip}
auth_policy_server_api_header =
auth_policy_server_timeout_msecs = 2000
auth_policy_server_url =
auth_proxy_self =
auth_realms =
auth_socket_path = auth-userdb
auth_ssl_require_client_cert = n...
2020 Sep 07
0
Btrfs RAID-10 performance
...M
auth_cache_ttl = 30 secs
auth_debug = no
auth_debug_passwords = no
auth_default_realm =
auth_failure_delay = 2 secs
auth_gssapi_hostname =
auth_krb5_keytab =
auth_master_user_separator =
auth_mechanisms = plain
auth_policy_hash_mech = sha256
auth_policy_hash_nonce =
auth_policy_hash_truncate = 12
auth_policy_reject_on_fail = no
auth_policy_request_attributes = login=%{orig_username}
pwhash=%{hashed_password} remote=%{real_rip}
auth_policy_server_api_header =
auth_policy_server_timeout_msecs = 2000
auth_policy_server_url =
auth_proxy_self =
auth_realms =
auth_socket_path = auth-userdb
auth_ssl_require_client_cert = n...
2020 Jul 03
0
Quota: How/where to set/change
...pi_hostname =
| auth_krb5_keytab =
| auth_master_user_separator =
| auth_mechanisms = plain login
| auth_policy_check_after_auth = yes
| auth_policy_check_before_auth = yes
| auth_policy_hash_mech = sha256
| auth_policy_hash_nonce =
| auth_policy_hash_truncate = 12
| auth_policy_log_only = no
| auth_policy_reject_on_fail = no
| auth_policy_report_after_auth = yes
| auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
| auth_policy_server_api_header =
| auth_policy_server_timeout_msecs = 2000
| auth_policy_server_url =
| auth_proxy_...
2020 Nov 10
3
SSL alert number 42
...fault_realm =
auth_failure_delay = 2 secs
auth_gssapi_hostname =
auth_krb5_keytab =
auth_master_user_separator =
auth_mechanisms = plain
auth_policy_check_after_auth = yes
auth_policy_check_before_auth = yes
auth_policy_hash_mech = sha256
auth_policy_hash_nonce =
auth_policy_hash_truncate = 12
auth_policy_reject_on_fail = no
auth_policy_report_after_auth = yes
auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
auth_policy_server_api_header =
auth_policy_server_timeout_msecs = 2000
auth_policy_server_url =
auth_proxy_self =
auth...
2020 Aug 25
2
zlib errors after upgrading
> On 25/08/2020 14:35 Robert Nowotny <rnowotny at rotek.at> wrote:
>
>
> I get ZLIB Errors after dovecot upgrade from 2.3.10.1 to 2.3.11.3
>
>
> Aug 21 15:27:34 lxc-imap dovecot: imap(acsida)<63870><jZk...>: Error: Mailbox Sent: UID=40826: read(zlib(/home/vmail/virtualmailboxes/acsida/storage/m.2409)) failed:
2019 Mar 30
3
Trying to track down source of duplicate messages
...ilure_delay = 2 secs
auth_gssapi_hostname =
auth_krb5_keytab =
auth_master_user_separator =
auth_mechanisms = plain
auth_policy_check_after_auth = yes
auth_policy_check_before_auth = yes
auth_policy_hash_mech = sha256
auth_policy_hash_nonce =
auth_policy_hash_truncate = 12
auth_policy_log_only = no
auth_policy_reject_on_fail = no
auth_policy_report_after_auth = yes
auth_policy_request_attributes = login=%{requested_username}
pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id}
protocol=%s
auth_policy_server_api_header =
auth_policy_server_timeout_msecs = 2000
auth_policy_server_url =
auth_proxy_self =
auth_re...
2020 Aug 28
3
zlib errors after upgrading
...= 10 secs
auth_gssapi_hostname =
auth_krb5_keytab =
auth_master_user_separator =
auth_mechanisms = plain login
auth_policy_check_after_auth = yes
auth_policy_check_before_auth = yes
auth_policy_hash_mech = sha256
auth_policy_hash_nonce =
auth_policy_hash_truncate = 12
auth_policy_log_only = no
auth_policy_reject_on_fail = no
auth_policy_report_after_auth = yes
auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
auth_policy_server_api_header =
auth_policy_server_timeout_msecs = 2000
auth_policy_server_url =
auth_proxy_self =
auth...
2019 Sep 25
4
BUG: Mailbox renaming algorithm got into a potentially infinite loop, aborting
...lt.local
auth_failure_delay = 2 secs
auth_gssapi_hostname =
auth_krb5_keytab =
auth_master_user_separator =
auth_mechanisms = plain login
auth_policy_check_after_auth = yes
auth_policy_check_before_auth = yes
auth_policy_hash_mech = sha256
auth_policy_hash_nonce =
auth_policy_hash_truncate = 12
auth_policy_reject_on_fail = no
auth_policy_report_after_auth = yes
auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
auth_policy_server_api_header =
auth_policy_server_timeout_msecs = 2000
auth_policy_server_url =
auth_proxy_self =
auth...
2020 Sep 07
4
Btrfs RAID-10 performance
Hello,
I sent this into the Linux Kernel Btrfs mailing list and I got reply:
"RAID-1 would be preferable"
(https://lore.kernel.org/linux-btrfs/7b364356-7041-7d18-bd77-f60e0e2e2112 at lechevalier.se/T/).
May I ask you for the comments as from people around the Dovecot?
We are using btrfs RAID-10 (/data, 4.7TB) on a physical Supermicro
server with Intel(R) Xeon(R) CPU E5-2620 v4 @