similar to: Can Auth dict proxy protocol be used to validate a password?

I had been using the CheckPassword authentication interface with dovecot 2.2.15, https://wiki2.dovecot.org/AuthDatabase/CheckPassword, and it was working. After upgrading to 2.2.33.2 CheckPassword no longer works. The referenced wiki page says, Checkpassword Interface Read <username> NUL <password> NUL from fd 3. I've checked the information read from fd 3 with 2.2.33.2

On Thu, 1 Feb 2018 10:02:10 +0200 Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > On 01.02.2018 08:00, Mark Foley wrote: > > I had been using the CheckPassword authentication interface with dovecot 2.2.15, > > https://wiki2.dovecot.org/AuthDatabase/CheckPassword, and it was working. > > > > After upgrading to 2.2.33.2 CheckPassword no longer works. The

I'm experimenting with checkpassword as an auth method for usedb and passdb (http://wiki2.dovecot.org/AuthDatabase/CheckPassword). I've set up the userdb and passdb *exactly* as the wiki suggests as the "standard way": passdb { driver = checkpassword args = /user/util/bin/checkpassword } userdb { driver = prefetch } I've created a checkpassword program that does

http://dovecot.org/releases/2.2/dovecot-2.2.7.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.7.tar.gz.sig * Some usage of passdb checkpassword could have been exploitable by local users. You may need to modify your setup to keep it working. See http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security + auth: Added ability to truncate values logged by auth_verbose_passwords

http://dovecot.org/releases/2.2/dovecot-2.2.7.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.7.tar.gz.sig * Some usage of passdb checkpassword could have been exploitable by local users. You may need to modify your setup to keep it working. See http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security + auth: Added ability to truncate values logged by auth_verbose_passwords

Hello, I've run into the issue detailed at https://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security Understandably I don't have the skills to modify checkpassword so if I do the suggested will it work? If you can't change the script, you can make Dovecot's checkpassword-reply binary setuid or setgid (e.g. chgrp dovecot /usr/libexec/dovecot/checkpassword-reply; chmod g+s

On 21 Feb 2023, at 10:12 pm, James Brown <jlbrown at bordo.com.au> wrote: > > The new one has Dovecot compiled with same configure options, same configuration files, but fails to authenticate: > > Feb 21 21:51:03 master: Info: Dovecot v2.3.20 (80a5ac675d) starting up for imap, pop3 (core dumps disabled) > Feb 21 21:51:33 auth-worker(11701): Error: conn unix:auth-worker

We've got an application in django that has passwords stored in both sha1 and pbkdf2_sha256 form. We need dovecot to be able to authenticate against the django database (we can't modify django to store passwords in dovecot's form, I'm afraid). Has anyone done a dovecot authentication plugin to support these password forms (and/or any other forms that django supports)? Thanks-

Hi Mark, Just to let you know that we are running dovecot with AD. (and I guess: *many* people are running that combination) It worked without issues, we are using in dovecot-ldap.conf.ext: > auth_bind = yes this user/passwd filter: > = (&(objectclass=person)(sAMAccountName=%n)(!(userAccountControl=514))) > dn = cn=search_dovecit,cn=users,dc=company,dc=com > dnpass =

On 24.01.2017 00:06, rej ex wrote: > Because we are building some monitoring application, we will need to > record all failed and successful login attempts. We need to record > remote IP, entered password in plain text, and if possible whether auth > request is for SMTP or IMAP session. SMTP? Wouldn't that be handled by your MTA, not Dovecot? AKi Tuomi wrote: > Since

> On 22/02/2023 07:00 EET James Brown <jlbrown at bordo.com.au> wrote: > > > On 21 Feb 2023, at 10:12 pm, James Brown <jlbrown at bordo.com.au> wrote: > > > > > > > The new one has Dovecot compiled with same configure options, same configuration files, but fails to authenticate: > > > > Feb 21 21:51:03 master: Info: Dovecot v2.3.20

Thank you for the response Axel. I will look into that. I did attempt to switch the PAM/Kerberos authentication to Dovecot LDAP authentication, but now performance is unbelievably slow. For example, with PAM/Kerberos, a user can log into webmail and have all of their emails/folders showing almost immediately. When using Dovecot LDAP, it takes literally 8-10 seconds to see the same thing. I

Hello, I'm trying to configure shared mailboxes with ACL. My problem is FS layout. Our maildirs is completely outside of home dirs (home dirs is on pure SSD zpool, maildirs on separate HDD zpool). We are using checkpassword auth, which sets mailbox_location for each user. Layout is following: maildirs: /dpool/mail/maldirs/user-uuid/ home is: /dpool/mail/home/user-uuid/ index &

Yes and No. It's confusing to me which is why I ask. Per my initial email my password source is PAM. It's the userdb I'm concerned about ... which dovecot is using /etc/passwd. So dovecot is getting user information from passwd file; password information from PAM. I need to add extra fields for qouta but can't add them to /etc/passwd so I have to create a passwd with the extra

Thank you for your reply. It's not that simple, though. Just because some core algorithms are standardised and should be compatible doesn't mean their use in different implementations leads to interoperable data. The key point here seems to be that Dovecot just supports SHA-1 with PBKDF2, not SHA-256. So I'm out of luck here. The different formats are no longer relevant then.

Dear Timo thank you for the help your giving me these. I want to set expire plugin only for some domains in the same way I set autocreate plugin. vchkpw-wrapper.sh #!/bin/bash DOMAIN=`echo $VPOPUSER|sed s/^.*@//` echo $USER > /tmp/autocreate echo $DOMAIN >> /tmp/autocreate if [ "$DOMAIN" = "operaciones.qnet.com.pe" ]; then export USERDB_AUTOCREATE=INBOX.Spam

Hello, I'm setting up a new server and, again, seek for a decently secure (from a security specialist's POV) way to store and verify user passwords in a database. Additionally now, GDPR requires me to use a solid state-of-the-art solution. My OS is Ubuntu 20.04, Dovecot version 2.3.7, database backend with PostgreSQL 12. Obviously, storing the plaintext password is a terrible idea.

Script didn't run: File "/root/tmp/checkpwtest.py", line 8 o?= with os.fdopen(DOVECOT_PW_FD, 'r') as s: ^ SyntaxError: invalid syntax --Mark -----Original Message----- From: Mark Foley <mfoley at ohprs.org> Date: Thu, 01 Feb 2018 15:34:15 -0500 Organization: Ohio Highway Patrol Retirement System To: dovecot at dovecot.org Subject: Re: AuthDatabase

Hello All, I am trying to set multiple users with passwords for modifying grub2 menu entries at boot. I know I can set a "root" user grub2 password with grub2-setpassword. I have also been able to make a grub2 user password using the grub2-mkpasswd-pbkdf2 command and adding ??? set superusers="user1" to the /etc/grub.d/40_custom file. However, I have multiple user

with passdb ldap i guess. ---Aki TuomiDovecot oy -------- Original message --------From: Mark Foley <mfoley at ohprs.org> Date: 03/12/2017 21:18 (GMT+02:00) To: dovecot at dovecot.org Subject: Re: Howto authenticate smartPhone via Active Directory Yes, you are right. This link: https://www.redips.net/linux/android-email-postfix-auth/#section2 shows: passdb pam { } used for