search for: masterpassword

...needed and it was doing > problems with LMTP proxing ('User doesn't exist' error message from > backend LMTP). Thanks again. > > azur Hi! This is very dangerous configuration, please consider using what Sami suggested, viz passdb { driver = static args = password=masterpassword } and remove the master auth completely. then you can override user's password to masterpassword in proxy config. Aki

...eros, Dovecot uses master user and password to authenticate to backends (backends can be Cyrus or Exchange servers too) When authenticating with PLAIN passwords, Dovecot sends user's login and password to the backend. For GSSAPI, I use extrafields : k5principals=principal at REALM proxy=Y pass=masterpassword login_user=principal user=masteruser host=backend For PLAIN, I use a static driver : passdb { driver = static args = proxy=y host=cyrus password=%w } I can authenticate fine with Kerberos tickets and login/password on the backend. Trouble is that if I authenticate with PLAIN login/password,...

...p that verifies the user password and then switches the session to use master password when forwarding the connection to backend. something like this in director: passdb { driver = passwd-file args = /data/mail.passwd result_success = continue-ok } passdb { driver = static args = pass=masterpassword skip = unauthenticated } and in backend: passdb { driver = static args = password=masterpassword } Sami -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20180216/c4b81690/attachment.html>

...user's login and password to the backend. </div> <div> <br> </div> <div> For GSSAPI, I use extrafields : </div> <div> <span style="font-family: monospace;">k5principals=principal@REALM proxy=Y pass=masterpassword login_user=principal user=masteruser host=backend</span> </div> <div> <br> </div> <div> For PLAIN, I use a static driver : </div> <div> <span style="font-family: monospace;">passdb {<br> dr...

Hi Sami, Thank you for your reply. > yes you do need to define imapc_user if you want to switch user and master user around for imapc. like: > > imapc_user = authapps > imapc_master_user = %u > > without imapc_user dovecot would login to the secondary server like A bob.test*bob.test password When I add the 'imapc_user = authapps' option to the primary instance

...proxing ('User doesn't exist' error message from >> backend LMTP). Thanks again. >> >> azur > > Hi! > > This is very dangerous configuration, please consider using what > Sami suggested, viz > > passdb { > driver = static > args = password=masterpassword > } > > and remove the master auth completely. > > then you can override user's password to masterpassword in proxy config. > Aki This is awesome, as I was just contemplating how to maintain persistence with 2FA.? Is it possible to use a passdb based on remote ip?? There...

...ng how to maintain persistence with 2FA. > Is it possible to use a passdb based on remote ip? There's a username_filter, but I want to use a master password for webmail (which will use 2FA via Radius), and those IPs are known and non-routable. passdb { driver = static args = password=masterpassword allow_nets=192.168.0.0/24 } or can even use single ip like allow_nets=192.168.1.234 Sami

...logon. In these scenarios, SOGo uses the 127.0.0.1 connection, to logon to imap. Since it does know the username. I guess a better solution would be for SOGo to be able to do 'transformations' to the username/password, to change the regular username/unknownpassword into username*master/masterpassword, and get rid of the 127.0.0.1 passwordless listener. Right? But SOGo doesn't do that. (afaik) MJ

...ssdb. Atleast if it works it will only work with PLAIN auth scheme. What I would do here is to just trust that the user is already authenticated with the first ldap passdb in the primary server and then switch the imapc connection to both master user and master password. So just put imapc_password=masterpassword in dovecot.conf of the primary server and on secondary server modify ldap config not to fetch the user password but always return password=masterpassword. and maybe protect the authentication scheme with allow_nets=127.0.0.1 from external abuse Sami

Cit?t Aki Tuomi <aki.tuomi at dovecot.fi>: >> On July 10, 2017 at 1:45 PM azurit at pobox.sk wrote: >> >> >> >> Cit?t Aki Tuomi <aki.tuomi at dovecot.fi>: >> >> >> On July 10, 2017 at 12:33 PM azurit at pobox.sk wrote: >> >> >> >> >> >> Hi, >> >> >> >> i'm trying to

Awesome, thanks for the advice. Using the following now works... passdb { driver = static args = proxy=y password=doesnotmatter } Cheers. On Feb 15 2018, at 2:40 pm, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > On 15 February 2018 at 20:22 Travis Dolan <travis.dolan at gmail.com> wrote: > > > Hello, > > I have Director setup to proxy

...arios, SOGo uses the 127.0.0.1 connection, to logon to > imap. Since it does know the username. > > I guess a better solution would be for SOGo to be able to do > 'transformations' to the username/password, to change the regular > username/unknownpassword into username*master/masterpassword, and get > rid of the 127.0.0.1 passwordless listener. > > Right? > > But SOGo doesn't do that. (afaik) > > MJ I would recommend using master password (that is, replace nopassword=y with password=staticpassword). I know that from localhost perspective this isn't much d...

Hi folks, We're looking to integrate our telephone system with our email system. The telephone system will use IMAP4 to store WAV files in a users mailbox and then retrieve them for playing if necessary. This is usually called "unified messaging". The manufacturers are claiming full integration with Microsoft Exchange and Lotus Notes using IMAP4 and a single username and

Hi Can I set up a super password and use it to login as any user. Thanks! -- Xueron Nee <xueron at gmail.com>

Hi, Is there an administrator o master account in dovecot, which could be able too access all mailboxes? I need to periodically delete some emails (older than a number of days). I wanted to use imapfilter, a program that uses imap to access mailboxes to do that, but as the users can change their passwords, I can't do it. Is there a way to do that? Thanks in advance, -- Diego.

How do you make the master login work?

Does "dovecot" have anything similar to the UW IMAP "mailadm" group operation? From near the end of: http://www.washington.edu/imap/documentation/RELNOTES.html 'Support for SASL authentication identity vs. authorization identity in the IMAP and POP3 servers. If the user indicated by the authentication identity is in the "mailadm" group, he may

Hi, i'm trying to configure Dovecot proxy with user authentication on proxy side only, so backends will authenticate using master password (proxy is configured to send it). The problem is that Dovecot, on backends, is telling me that i need to configure at least one auth mechanism: auth: Fatal: No passdbs specified in configuration file. LOGIN mechanism needs one The master auth

...ctly. And then I log in throw masteruser: # telnet localhost 143 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Welcome to our post server! x login nevorotin*master masterpassword x OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL RIGHTS=texk] Logged in...

Greetings all... We are thinking about using the master DB, so a few admins can impersonate an ordinary user. So, we want to define one master for a set of users. And this administrator cannot be master of the other users? Can this be done somehow? Reading the docs, it seems that if a user is defined as master, it can login as everyone. Thanks for any hint.