Displaying 20 results from an estimated 500 matches similar to: "%{orig_user} missing in checkpassword-Script"
2014 May 03
1
%{orig_user} missing in checkpassword-Script
Dear dovecot maintainers:
I'm using SSL client certificates together with a checkpassword scripts
to authenticate our users.
My problem is: In the checkpassword script the AUTH_USER environment
variable will either contain the username that was configured in the
mailclient (if auth_ssl_username_from_cert=false) or the username
from the certificate (if auth_ssl_username_from_cert=true).
I
2015 Sep 12
0
Need help on checkpassword userdb/passdb
Not to be grumpy, but I've posted a dozen or more message to this list in the
past week about what I think might be relatively common/easy issues and have had
zero response except from Rick Romero who is trying, but hasn't actually done
what I need himself. I'm sure someone has. Perhaps these problem are too mundane
compared to CalDAV, sieve filtering and IPA to excite List interest?
2001 Apr 20
0
Fudging domain support - samba 2.2.0
Hi;
There is likely a supported way around this problem, but it wasn't
immediately apparent to me. So, I created the enclosed patch to fix my
problem.
What I would like to do is the following:
- run samba in "security = domain"
- not use trusted domains, but allow people to connect from other domains
- not maintain a local encrypted password file for samba, but instead use
our
2014 Oct 03
2
Thunderbird ignores some folders
Dear readers
we are using Dovecot 2.2.7 and all of our users are using Thunderbird as
their mail client. Some of them additionally use their iPad/iPhone and a
very few an Android Mail-Client.
Now one user noticed that two of his mail folders disappeared. He first
believed that he accidentally deleted those folders but then he realized
that they are still visible from his iPad. I checked this
2015 Sep 11
2
Need help on checkpassword userdb/passdb
I'm experimenting with checkpassword as an auth method for usedb and passdb
(http://wiki2.dovecot.org/AuthDatabase/CheckPassword). I've set up the userdb
and passdb *exactly* as the wiki suggests as the "standard way":
passdb {
driver = checkpassword
args = /user/util/bin/checkpassword
}
userdb {
driver = prefetch
}
I've created a checkpassword program that does
2016 Jun 16
2
Recipient delimiter and lmtp proxying
Hi,
I'm attempting to proxy lmtp using director to hash to the same backend
as pop3/imap. My pop3/imap users are of the form:
username
and my lmtp users are of the form:
<username at domain>
Where domain is fairly redundant but does carry some useful information.
Now, I can proxy lmtp using user=%{username} and
destuser=%{orig_user}, and this all appears to work correctly.
2013 Apr 07
1
checkpassword protocol
Hi,
I'm writing a checkpassword script in order to support our OTP token
as a fallback for client certificate authentication. Here are two
questions:
1) It seems to me that the username and the password will be
delivered to my script both on file descriptor 3 and via the
environment variables AUTH_USER and AUTH_PASSWORD.
May I ignore file descriptor 3 and use the environment variables
or may
2018 Mar 26
1
destuser setting useless on LMTP proxy
I tried setting the "destuser" setting on the LMTP director as follows, to preserve the original envelope rcpt:
protocol lmtp {
auth_socket_path = director-userdb
passdb {
driver = ...
override_fields = destuser=%{orig_user}
}
}
The passdb driver would return the appropriate "user" for each alias. Suppose, for example, user1 has emails user1 at domain.tld,
2013 Sep 25
2
v2.2.6 released
http://dovecot.org/releases/2.2/dovecot-2.2.6.tar.gz
http://dovecot.org/releases/2.2/dovecot-2.2.6.tar.gz.sig
I didn't have time to look into the latest reported dsync replication bugs, but this release should have been done a long time ago already and I'm busy for next few days, so no more waiting. Things seem to be working quite well in general though.
* acl: If public/shared
2013 Sep 25
2
v2.2.6 released
http://dovecot.org/releases/2.2/dovecot-2.2.6.tar.gz
http://dovecot.org/releases/2.2/dovecot-2.2.6.tar.gz.sig
I didn't have time to look into the latest reported dsync replication bugs, but this release should have been done a long time ago already and I'm busy for next few days, so no more waiting. Things seem to be working quite well in general though.
* acl: If public/shared
2019 Feb 05
0
CVE-2019-3814: Suitable client certificate can be used to login as other user
Dear subscribers,
we're sharing our latest advisory with you and would like to thank
everyone who contributed in finding and solving those vulnerabilities.
Feel free to join our bug bounty programs (open-xchange, dovecot,
powerdns) at HackerOne. Please find patches for v2.2.36 and v2.3.4 attached,
or download new version from https://dovecot.org
Yours sincerely,
Aki Tuomi
Open-Xchange Oy
2014 May 01
0
Problems with login_log_format (possible bug?)
login_log_format = %$: %s
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
session=<%{session}>
These are the defaults, at least on a Fedora system.
According to http://wiki2.dovecot.org/Variables, this should record for
user at REALM when seeing the following
Apr 30 18:08:40 TeaSet dovecot: auth: Debug:
auth(user,...,<JhKid0v4bAAKAQG6>): username
2019 May 16
1
Mutual auth and MS Outlook
I am trying to get Dovecot IMAP and Outlook to talk to each other with SSL
and client certificates enabled. In Dovecot, I have the following options
enabled:
ssl_ca = ...
ssl_verify_client_cert = yes
auth_ssl_require_client_cert = yes
auth_ssl_username_from_cert = yes
when I try to connect with Outlook, I get:
May 12 08:07:50 mail dovecot: imap-login: Disconnected (client didn't
2014 May 05
2
Broken IMAPS Connects Create Lingering imap-login Processes
Hello everyone,
we are running a central server (CentOS 6.5, dovecot-2.0.9-7.el6 with a
small patch to disable the IMAP CREATE command, and
openssl-1.0.1e-16.el6_5.7) and distribute standard client software to
customer( site)s.
The clients do IMAPS connects in regular intervals (no IDLE, no
lingering logins) and authenticate with certs issued by a dedicated PKI
("auth_ssl_username_from_cert
2019 Mar 31
1
Why is 'sent' folder missing in my MUA(email client)
hello,
I'm successfully send and receive emails by postfix and dovecot, but
folder name 'Sent' is gone, all sent emails are located in Drafts folder.
Anything wrong? Guess it has something to do with mailbox and location.
Here is `doveconf -n`
------------------
auth_cache_size = 1 M
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_ssl_username_from_cert =
2010 Dec 15
2
ssl enabled, but ssl_cert not set ( 2.0.7 freebsd 8.1 )
hello
trying to install dovecot 2 on a fresh installed machine
I get this error message :
doveconf -n > dovecot-new.conf
doveconf: Error: ssl enabled, but ssl_cert not set
doveconf: Fatal: Error in configuration file
/usr/local/etc/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set
the ssl config file look like the following :
Thanks for any info.
##
## SSL settings
##
# SSL/TLS
2010 Dec 15
1
Dovecot 2.0.8 don´t recognize auth user format
My configuration file have this lines:
# doveconf | grep user
auth_anonymous_username = anonymous
auth_master_user_separator =
auth_socket_path = auth-userdb
auth_ssl_username_from_cert = no
auth_username_chars =
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth_username_format = %Lu <-----(in version 1.2.10 this work fine)
auth_username_translation =
2014 Jun 23
0
Wishlist: add a variable %{x509} expanding to the client cert in Dovecot-auth
Hi there,
As of Dovecot 2.2.9, it's possible to enable passwordless authentication
using client certificates [1]:
ssl_ca = </etc/ssl/ca.pem
ssl_verify_client_cert = yes
auth_ssl_username_from_cert = yes
(Password checking can be bypassed by returning the extra fields
?password= nopassword? in the passdb when the variable ?%k? expands to
"valid".)
However this
2018 Feb 18
0
SASL LOGIN mechanism with nopassword
Hi list,
I've noticed dovecot pop3 does not request the password with 'AUTH LOGIN' when nopassword is set.
dovecot-2.2.18
auth_mechanisms = plain login
ssl = required
auth_ssl_require_client_cert = yes
auth_ssl_username_from_cert = yes
passdb {
? driver = ldap
? args = /etc/dovecot/dovecot-ldap.conf.ext
? default_fields = nopassword=yes userdb_uid=vmail userdb_gid=vmail
2018 Feb 01
0
Why does dovecot reject password when authorizing by a certificate?
Try adding auth_debug_password=yes
Aki
On 01.02.2018 10:27, yuryb wrote:
> We have FreeBSD-server with dovecot installed on it as IMAP-server. My
> user and password database is a text file with plaintext passwords.
> Clients connect to imap-server via TLS protocol and plaintext
> password. All works fine. But I want to configure ability to authorize
> with a client certificates.