similar to: AUTH_USER variable has invalid value in checkpassword Script

Not to be grumpy, but I've posted a dozen or more message to this list in the past week about what I think might be relatively common/easy issues and have had zero response except from Rick Romero who is trying, but hasn't actually done what I need himself. I'm sure someone has. Perhaps these problem are too mundane compared to CalDAV, sieve filtering and IPA to excite List interest?

I'm experimenting with checkpassword as an auth method for usedb and passdb (http://wiki2.dovecot.org/AuthDatabase/CheckPassword). I've set up the userdb and passdb *exactly* as the wiki suggests as the "standard way": passdb { driver = checkpassword args = /user/util/bin/checkpassword } userdb { driver = prefetch } I've created a checkpassword program that does

Dear dovecot maintainers: I'm using SSL client certificates together with a checkpassword scripts to authenticate our users. My problem is: In the checkpassword script the AUTH_USER environment variable will either contain the username that was configured in the mailclient (if auth_ssl_username_from_cert=false) or the username from the certificate (if auth_ssl_username_from_cert=true). I

Hi, I'm writing a checkpassword script in order to support our OTP token as a fallback for client certificate authentication. Here are two questions: 1) It seems to me that the username and the password will be delivered to my script both on file descriptor 3 and via the environment variables AUTH_USER and AUTH_PASSWORD. May I ignore file descriptor 3 and use the environment variables or may

Dear readers we are using Dovecot 2.2.7 and all of our users are using Thunderbird as their mail client. Some of them additionally use their iPad/iPhone and a very few an Android Mail-Client. Now one user noticed that two of his mail folders disappeared. He first believed that he accidentally deleted those folders but then he realized that they are still visible from his iPad. I checked this

Hi everybody, I'm using SSL client certificates or checkpassword scripts to authenticate our users. If a user sent a client certificate from his smartcard my checkpasswort will ignore the password, if he does not sent a client certificate but uses his OTP-token then my checkwassword script will check wether the password is a correct one time password. My problem is: the AUTH_USER variable

Dear reader, we are using dovecot 2.2.7 and like it very much. Authentication is done via a checkpassword program that does two things: 1) check wether the client has connected via SSL using a client certificate 2) check wether the client is using a one time password generator Most of our users are using certificates that we have created ourself. These certificates contain a

Hey all, has anyone ever successfully implemented some form of OTP system with dovecot? Im looking at setting up an OATH/HOTP-TOTP based OTP for our services, but the webmail service (which uses dovecot) is a difficult one. Any info on implementations would be appreciated, Regards, Cor

On Mon, 20 Feb 2023 at 20:03, Jochen Bern <Jochen.Bern at binect.de> wrote: > A quick question, if I may: Today, I heard a rumour that "ssh" can be > used as a TOTP *token* (i.e., accept or generate a secret for a > configuration and generate TOTP codes from there on out, to be entered > into some *other* software requesting them for 2FA). I'm not aware of any way

The sample config file has: # User to use for the process. This user needs access to only user and # password databases, nothing else. Only shadow and pam authentication # requires roots, so use something else if possible. Note that passwd # authentication with BSDs internally accesses shadow files, which also # requires roots. Note that this user is NOT used to access mails. # That

I am trying to follow http://wiki.dovecot.org/HowTo/Rootless to set up a personal dovecot server that does not use 'root' and does not need to change uids/gids. I'm trying to set it up on a Cygwin personal system. The problem I'm running into though, the directions say to set "user" and "auth_user" to be the same in this setup. However when you do this, Dovecot

Hi all, I've installed rc23 in a new testing machine, and i've had some permission problems related to dovecot-master.conf. As I have my master passwords in that file, I don't want it to be world readable. dovecot -n shows that auth_user is nobody, so setting the permissions to nobody.whatever 640 solves the problem. Anyway, I've tried to change the auth_user setting with no

Hi. I'm trying to use checkpassword for simple auth and masteruser auth. I have two programs, one called checkpassword-master (for masteruser lookup) and another called checkpassword for normal passdb and userdb lookup). All works fine for non-masteruser authentication (in this case dovecot makes a single call to checkpassword binary). But if a master-user authenticates, dovecot execute

Hi, ok, I'm am developing a new solution that includes dovecot, and will be wanting to use the latest sieve implementation, so I have chosen to start with 1.2 as the base. I had a working install of 1.1.8 installed, and got a checkpassword setup working properly with it to authenticate a user. I used the passdb to call checkpassword, and the prefetch userdb to tell it to use the values that

Script didn't run: File "/root/tmp/checkpwtest.py", line 8 o?= with os.fdopen(DOVECOT_PW_FD, 'r') as s: ^ SyntaxError: invalid syntax --Mark -----Original Message----- From: Mark Foley <mfoley at ohprs.org> Date: Thu, 01 Feb 2018 15:34:15 -0500 Organization: Ohio Highway Patrol Retirement System To: dovecot at dovecot.org Subject: Re: AuthDatabase

Hi, does anyone already use the checkpassword authentication scheme? I have not found any description how I have to configure dovecot in order to work together with qmail?s checkpassword. Enabling ?passdb = checkpassword /bin/checkpassword? in dovecot.conf starts /bin/checkpassword for every authentication request, but the result does not seem to matter for the authentication. Without enabling

hello some times ago I posted some patches to workaround vmailmgr not fitting into dovecot's passdb-checkpassword authentication module. Yesterday I spent some spare time for carrying out a cleaner solution for this problem. Check out these patches. If you're not interested in merging them, I will make them available at the same page I used for the former solution [

On 01.02.2018 08:00, Mark Foley wrote: > I had been using the CheckPassword authentication interface with dovecot 2.2.15, > https://wiki2.dovecot.org/AuthDatabase/CheckPassword, and it was working. > > After upgrading to 2.2.33.2 CheckPassword no longer works. The referenced wiki page says, > > Checkpassword Interface > > Read <username> NUL <password> NUL

Hi all, I think I may be doing something wrong but, is it possible to proxy POP and IMAP users when using a checkpassword script as the passdb? I'm trying to write a perl script to handle authentication to a mix of SQL and POP3 sources whilst logging user passwords at the same time for a migration. At the moment, I'm trying to set environment variables to tell dovecot what to do:

Hello, I've run into the issue detailed at https://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security Understandably I don't have the skills to modify checkpassword so if I do the suggested will it work? If you can't change the script, you can make Dovecot's checkpassword-reply binary setuid or setgid (e.g. chgrp dovecot /usr/libexec/dovecot/checkpassword-reply; chmod g+s