search for: nopassword

On Thursday 17 of November 2016, Aki Tuomi wrote: > On 17.11.2016 10:14, Arkadiusz Mi?kiewicz wrote: > > Hello. > > > > dovecot 2.2.26.0 > > > > When testing nopassword extra field > > (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 > > dovecot doesn't allow any password (while it should) and returns > > > > " Authentication failed" > > > > while in logs: > > > > Nov 17 08:22:34...

Hello. dovecot 2.2.26.0 When testing nopassword extra field (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 dovecot doesn't allow any password (while it should) and returns " Authentication failed" while in logs: Nov 17 08:22:34 auth-worker(1551): Info: sql(pepe,127.0.0.1,<Y8amDXpBptV/AAAB>): Reque...

...L certificates only (not using passwords at all). Still, user information is stored in a LDAP directory. In this configuration LDAP is used to check whether the user is registered (and probably supply quota and other info), and actual authentication is done by SSL layer. According to wiki, a "nopassword" extra field should be supplied, together with empty password. But there is no way to return an empty password from LDAP, as LDAP simply does not allow "empty attributes"; if an attribute is present, it is not empty. Supplying empty password as a static field (like this: pass_attrs =...

On 17.11.2016 10:30, Arkadiusz Mi?kiewicz wrote: > On Thursday 17 of November 2016, Aki Tuomi wrote: >> On 17.11.2016 10:14, Arkadiusz Mi?kiewicz wrote: >>> Hello. >>> >>> dovecot 2.2.26.0 >>> >>> When testing nopassword extra field >>> (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 >>> dovecot doesn't allow any password (while it should) and returns >>> >>> " Authentication failed" >>> >>> while in logs: >>> >&gt...

On 17.11.2016 10:30, Arkadiusz Mi?kiewicz wrote: > On Thursday 17 of November 2016, Aki Tuomi wrote: >> On 17.11.2016 10:14, Arkadiusz Mi?kiewicz wrote: >>> Hello. >>> >>> dovecot 2.2.26.0 >>> >>> When testing nopassword extra field >>> (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 >>> dovecot doesn't allow any password (while it should) and returns >>> >>> " Authentication failed" >>> >>> while in logs: >>> >&gt...

Hi! I have a few questions regarding Dovecot proxy: 1. 1.1 If I understand correctly, setting 'nopassword' in the proxy passdb file, authentication is completely up to the destination host. Setting 'nopassword' in no way means the proxy becomes an open relay. Is this correct? 1.2 Are there any security implications when using 'nopassword' on the proxy? 2. 2.1 I would like to avoid...

On 17.11.2016 10:14, Arkadiusz Mi?kiewicz wrote: > Hello. > > dovecot 2.2.26.0 > > When testing nopassword extra field > (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 dovecot > doesn't allow any password (while it should) and returns > > " Authentication failed" > > while in logs: > > Nov 17 08:22:34 auth-worker(1551): Info: > sql(pepe,...

HI All I have setup a dovecot proxy with remote auth, value nopassword in the passdb to make the auth remotely. With pop3 and imap the authentication is made on the remote server and this work perfectly. I have tested with wrong and correct password. Then I have added the postfix sasl and this also works fine, the request is made to dovecot. My problem is that with...

Hi list, I've noticed dovecot pop3 does not request the password with 'AUTH LOGIN' when nopassword is set. dovecot-2.2.18 auth_mechanisms = plain login ssl = required auth_ssl_require_client_cert = yes auth_ssl_username_from_cert = yes passdb { ? driver = ldap ? args = /etc/dovecot/dovecot-ldap.conf.ext ? default_fields = nopassword=yes userdb_uid=vmail userdb_gid=vmail userdb_home=/var/sp...

Hm, so my mailing list archive is up, but when I add nopassword to the list of settings in my passdb passwd-file I get: file auth-request.c: line 924 (auth_request_set_field): assertion failed: (request->passdb_password == NULL) Raw backtrace: dovecot-auth [0x806be11] -> dovecot-auth [0x806bd8c] -> dovecot-auth(auth_request_set_field+0x277) [0x80547d7...

...a Dovecot proxy that authenticates the user against two backend servers. If login server1 fails, server2 should be tried. The problem: Only the first server seems to be tried, even if the login fails. Config snippet: protocol imap { passdb { driver = static args = proxy=y nopassword=y host=oldserver1.example.com port=993 ssl=y } passdb { driver = static args = proxy=y nopassword=y host=oldserver2.example.com port=993 ssl=y } } With this config, only accounts on oldserver1.example.com can login. If I reverse the two passdb entries, only acco...

...ss2 - Approved I'd really like to continue to use the auth cache, is there any solution to the above? perhaps a way to debug the cache and auth process? I wasn't able to activate auth_debug without restarting Dovecot and solving the problem. Using version 1.1.1, MySQL userdb, with "nopassword=Y". Maybe it's due to nopassword? Thanks -- Tom

Hi all, i have some troubles in the implementation of my proxyconfiguration. i have two kind of users, the first will be proxied to a dovecot backend with masteruser-login, the other one will be proxied to another non-dovecot imapserver with nopassword. Everything looks to work if i use passwd-file like this: user1:{PLAIN}pass1:::::::proxy=y host=192.168.1.1 destuser=user1*masteruser pass=masterpass user2::::::::nopassword proxy=y host=192.168.2.2 In an second step i try the same behavior with sql (postgresql), but there are my problems. In...

...vecot for authentication. Dovecot, in turn, consults a custom internal server that answers Dovecot?s userdb queries. When IMAP connections arrive, for some users we want to forward those connections--without authentication--to an external IMAP server. For these users, we return ?proxy_maybe? and ?nopassword? in the authn response from our userdb server. This tells Dovecot to proxy the connection to a new server without trying to authenticate. Exim, though, doesn?t grok ?proxy_maybe?, so it just sees ?nopassword?. In response, it just skips SMTP authentication entirely. We could address this if our...

I'm wondering if there is a way I can dynamically generate an LDAP default value by using variables. I have a configuration that works something like this on my front end proxy: pass_attrs = mail=user,\ =nopassword=y,\ =proxy=y,\ =host=mail.%d The above works perfectly well even though it seems a bit hack. I want to fetch the host field from LDAP and default it to "mail.%d" if the attribute isn't populated for the user. I have tried the following : pass_attrs = mail=user,\ =nopassword=...

...yes ? location = ? mailbox Drafts { ??? special_use = \Drafts ? } ? mailbox Junk { ??? special_use = \Junk ? } ? mailbox Sent { ??? special_use = \Sent ? } ? mailbox "Sent Messages" { ??? special_use = \Sent ? } ? mailbox Trash { ??? special_use = \Trash ? } ? prefix = } passdb { ? args = nopassword=y proxy=y host=10.5.10.121 ? driver = static ? name = static } plugin { ? sieve = file:~/sieve;active=~/.dovecot.sieve } protocols = imap pop3 service auth { ? unix_listener auth-master { ??? mode = 0600 ??? user = vmail ? } } ssl = no verbose_proctitle = yes verbose_ssl = yes protocol imap { ? mai...

Hi, I was looking into the new Authentication Policy feature: https://wiki2.dovecot.org/Authentication/Policy I had kinda hoped that I would be able to enfore this in a proxy running in front of several backends. This proxy does not authenticate. It use "nopassword". But I realize that the "succes" reported in the final authpolicy req. (command=report) is not what is actaully happening on the IMAP protocol level, but rather the result of the passdb chain in the proxy. (I should probably have predicted this, it's kinda reasonable). Howeve...

...ith dovecot + mysql. Im using 'Password verification by SQL server' at: http://wiki2.dovecot.org/AuthDatabase/SQL trying to modify it to work with my encrypted passwords in the DB. Im using the following which isnt working: password_query = SELECT NULL AS password, \ 'Y' as nopassword, userid AS user \ FROM users WHERE userid='%u' AND AES_DECRYPT(password, 'mykey')=password 1. Is it even possible to do this via 'password_query'? 2. If so, what am I doing wrong? Thanks, Jeff /mf/home/jeep/shell/.signature

Hi AKi, Thanks for the quick answer! On 03/21/2018 05:24 PM, Aki Tuomi wrote: > This is what 'nopassword=y' does. I'm guessing this is an attempt to allow logging in from localhost without password, but I'd use master password (for applications or webmails), or Yes, the config is taken from the SOGo configuration guide, which can be seen here: https://sogo.nu/files/docs/v2/SOGoNativeOutl...

...yes ? location = ? mailbox Drafts { ??? special_use = \Drafts ? } ? mailbox Junk { ??? special_use = \Junk ? } ? mailbox Sent { ??? special_use = \Sent ? } ? mailbox "Sent Messages" { ??? special_use = \Sent ? } ? mailbox Trash { ??? special_use = \Trash ? } ? prefix = } passdb { ? args = nopassword=y ? default_fields = proxy=y host=10.5.10.121 ? driver = static ? name = static } plugin { ? sieve = file:~/sieve;active=~/.dovecot.sieve } protocols = imap pop3 service auth { ? unix_listener auth-master { ??? mode = 0600 ??? user = vmail ? } } ssl = no verbose_proctitle = yes verbose_ssl = yes pr...