Displaying 20 results from an estimated 2000 matches similar to: "AUTH_USER variable has invalid value in checkpassword Script"
2015 Sep 12
0
Need help on checkpassword userdb/passdb
Not to be grumpy, but I've posted a dozen or more message to this list in the
past week about what I think might be relatively common/easy issues and have had
zero response except from Rick Romero who is trying, but hasn't actually done
what I need himself. I'm sure someone has. Perhaps these problem are too mundane
compared to CalDAV, sieve filtering and IPA to excite List interest?
2015 Sep 11
2
Need help on checkpassword userdb/passdb
I'm experimenting with checkpassword as an auth method for usedb and passdb
(http://wiki2.dovecot.org/AuthDatabase/CheckPassword). I've set up the userdb
and passdb *exactly* as the wiki suggests as the "standard way":
passdb {
driver = checkpassword
args = /user/util/bin/checkpassword
}
userdb {
driver = prefetch
}
I've created a checkpassword program that does
2014 May 03
1
%{orig_user} missing in checkpassword-Script
Dear dovecot maintainers:
I'm using SSL client certificates together with a checkpassword scripts
to authenticate our users.
My problem is: In the checkpassword script the AUTH_USER environment
variable will either contain the username that was configured in the
mailclient (if auth_ssl_username_from_cert=false) or the username
from the certificate (if auth_ssl_username_from_cert=true).
I
2013 Apr 07
1
checkpassword protocol
Hi,
I'm writing a checkpassword script in order to support our OTP token
as a fallback for client certificate authentication. Here are two
questions:
1) It seems to me that the username and the password will be
delivered to my script both on file descriptor 3 and via the
environment variables AUTH_USER and AUTH_PASSWORD.
May I ignore file descriptor 3 and use the environment variables
or may
2014 Oct 03
2
Thunderbird ignores some folders
Dear readers
we are using Dovecot 2.2.7 and all of our users are using Thunderbird as
their mail client. Some of them additionally use their iPad/iPhone and a
very few an Android Mail-Client.
Now one user noticed that two of his mail folders disappeared. He first
believed that he accidentally deleted those folders but then he realized
that they are still visible from his iPad. I checked this
2014 Mar 27
0
%{orig_user} missing in checkpassword-Script
Hi everybody,
I'm using SSL client certificates or checkpassword scripts to authenticate
our users. If a user sent a client certificate from his smartcard my
checkpasswort will ignore the password, if he does not sent a client
certificate but uses his OTP-token then my checkwassword script will check
wether the password is a correct one time password.
My problem is: the AUTH_USER variable
2014 Nov 03
0
SSL Client authentication with trustcenter-certificate
Dear reader,
we are using dovecot 2.2.7 and like it very much. Authentication is done
via a checkpassword program that does two things:
1) check wether the client has connected via SSL using a client certificate
2) check wether the client is using a one time password generator
Most of our users are using certificates that we have created ourself.
These certificates contain a
2011 Jul 10
0
OATH/OTP?
Hey all, has anyone ever successfully implemented some form of OTP system with dovecot? Im looking at setting up an OATH/HOTP-TOTP based OTP for our services, but the webmail service (which uses dovecot) is a difficult one. Any info on implementations would be appreciated,
Regards,
Cor
2023 Feb 20
1
(Open)SSH as a TOTP *Token*?
On Mon, 20 Feb 2023 at 20:03, Jochen Bern <Jochen.Bern at binect.de> wrote:
> A quick question, if I may: Today, I heard a rumour that "ssh" can be
> used as a TOTP *token* (i.e., accept or generate a secret for a
> configuration and generate TOTP codes from there on out, to be entered
> into some *other* software requesting them for 2FA).
I'm not aware of any way
2010 May 10
0
configuration user= or auth_user=
The sample config file has:
# User to use for the process. This user needs access to only user and
# password databases, nothing else. Only shadow and pam authentication
# requires roots, so use something else if possible. Note that passwd
# authentication with BSDs internally accesses shadow files, which also
# requires roots. Note that this user is NOT used to access mails.
# That
2010 May 15
1
Setting up a 'rootless' server - user and auth_user cannot be the same
I am trying to follow http://wiki.dovecot.org/HowTo/Rootless to set up
a personal dovecot server that does not use 'root' and does not need
to change uids/gids. I'm trying to set it up on a Cygwin personal
system.
The problem I'm running into though, the directions say to set "user"
and "auth_user" to be the same in this setup. However when you do
this, Dovecot
2007 Feb 21
1
auth_user setting?
Hi all,
I've installed rc23 in a new testing machine, and i've had some permission
problems related to dovecot-master.conf. As I have my master passwords in
that file, I don't want it to be world readable.
dovecot -n shows that auth_user is nobody, so setting the permissions to
nobody.whatever 640 solves the problem.
Anyway, I've tried to change the auth_user setting with no
2010 Apr 19
1
Checkpassword/prefetch/master_user and problems
Hi.
I'm trying to use checkpassword for simple auth and masteruser auth.
I have two programs, one called checkpassword-master (for masteruser
lookup) and another called checkpassword for normal passdb and userdb
lookup).
All works fine for non-masteruser authentication (in this case dovecot
makes a single call to checkpassword binary). But if a master-user
authenticates, dovecot execute
2009 Jan 19
2
checkpassword auth issues
Hi,
ok, I'm am developing a new solution that includes dovecot, and will be
wanting to use the latest sieve implementation, so I have chosen to
start with 1.2 as the base.
I had a working install of 1.1.8 installed, and got a checkpassword
setup working properly with it to authenticate a user. I used the passdb
to call checkpassword, and the prefetch userdb to tell it to use the
values that
2018 Feb 02
0
AuthDatabase CheckPassword broken?
Script didn't run:
File "/root/tmp/checkpwtest.py", line 8
o?= with os.fdopen(DOVECOT_PW_FD, 'r') as s:
^
SyntaxError: invalid syntax
--Mark
-----Original Message-----
From: Mark Foley <mfoley at ohprs.org>
Date: Thu, 01 Feb 2018 15:34:15 -0500
Organization: Ohio Highway Patrol Retirement System
To: dovecot at dovecot.org
Subject: Re: AuthDatabase
2005 Nov 23
2
checkpassword authentication
Hi,
does anyone already use the checkpassword authentication scheme?
I have not found any description how I have to configure dovecot in order to
work together with qmail?s checkpassword.
Enabling ?passdb = checkpassword /bin/checkpassword? in dovecot.conf starts
/bin/checkpassword for every authentication request, but the result does not
seem to matter for the authentication.
Without enabling
2006 Sep 27
0
dovecot checkpassword passdb and vmailmgr
hello
some times ago I posted some patches to workaround vmailmgr
not fitting into dovecot's passdb-checkpassword authentication
module.
Yesterday I spent some spare time for carrying out a cleaner
solution for this problem.
Check out these patches. If you're not interested in merging them,
I will make them available at the same page I used for the former
solution [
2018 Feb 01
0
AuthDatabase CheckPassword broken?
On 01.02.2018 08:00, Mark Foley wrote:
> I had been using the CheckPassword authentication interface with dovecot 2.2.15,
> https://wiki2.dovecot.org/AuthDatabase/CheckPassword, and it was working.
>
> After upgrading to 2.2.33.2 CheckPassword no longer works. The referenced wiki page says,
>
> Checkpassword Interface
>
> Read <username> NUL <password> NUL
2009 Nov 27
1
Proxy, using checkpassword
Hi all,
I think I may be doing something wrong but, is it possible to proxy POP and IMAP users when using a checkpassword script as the passdb?
I'm trying to write a perl script to handle authentication to a mix of SQL and POP3 sources whilst logging user passwords at the same time for a migration.
At the moment, I'm trying to set environment variables to tell dovecot what to do:
2019 Mar 19
1
Checkpassword.
Hello,
I've run into the issue detailed at
https://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security
Understandably I don't have the skills to modify checkpassword so if I do
the suggested will it work?
If you can't change the script, you can make Dovecot's checkpassword-reply
binary setuid or setgid (e.g. chgrp dovecot
/usr/libexec/dovecot/checkpassword-reply; chmod g+s