similar to: SSL Client authentication with trustcenter-certificate

Dear dovecot maintainers: I'm using SSL client certificates together with a checkpassword scripts to authenticate our users. My problem is: In the checkpassword script the AUTH_USER environment variable will either contain the username that was configured in the mailclient (if auth_ssl_username_from_cert=false) or the username from the certificate (if auth_ssl_username_from_cert=true). I

Dear readers we are using Dovecot 2.2.7 and all of our users are using Thunderbird as their mail client. Some of them additionally use their iPad/iPhone and a very few an Android Mail-Client. Now one user noticed that two of his mail folders disappeared. He first believed that he accidentally deleted those folders but then he realized that they are still visible from his iPad. I checked this

Dear dovecot experts: We are using client certificates to authenthicate against a Dovecot server. Our certificates contain a x500UniqueIdentifier. I'm absolutely sure that the value of the x500UniqueIdentifier was stored into the AUTH_USER when I tested my setup last year. This has somehow changed and now AUTH_USER always contains the username. This has fatal consequences as now every owner

Hi, I'm writing a checkpassword script in order to support our OTP token as a fallback for client certificate authentication. Here are two questions: 1) It seems to me that the username and the password will be delivered to my script both on file descriptor 3 and via the environment variables AUTH_USER and AUTH_PASSWORD. May I ignore file descriptor 3 and use the environment variables or may

Dear Dovecot experts, we have unusual authentication requirements, namely: - almost all of our user are using a smartcard to connect with our mailserver. Thunderbird is our friend here as it will use the smartcard as an additional certificate store and Thunderbird will do client certificate based authentication when connecting via SSL with a mailserver - there's no way (at least that I know

The others are on openSUSE 15.4 and macOS, all are binary installs Entware build options Build options: ioloop=epoll openssl io_block_size=8192 SQL drivers: mysql Passdb: checkpassword ldap passwd passwd-file shadow sql Userdb: checkpassword ldap passwd prefetch passwd-file sql macOS build options Build options: ioloop=kqueue notify=kqueue openssl io_block_size=8192 SQL drivers: mysql Passdb:

https://bugzilla.samba.org/show_bug.cgi?id=13496 Bug ID: 13496 Summary: lseek returned -1, not 2147483648: Invalid argument (22) Product: rsync Version: 3.1.2 Hardware: Sparc OS: Solaris Status: NEW Severity: normal Priority: P5 Component: core Assignee:

Hi everybody, I'm using SSL client certificates or checkpassword scripts to authenticate our users. If a user sent a client certificate from his smartcard my checkpasswort will ignore the password, if he does not sent a client certificate but uses his OTP-token then my checkwassword script will check wether the password is a correct one time password. My problem is: the AUTH_USER variable

Hi, please have a look at the attached patch for dovecot-1.0.3 These patch modifies ssl_proxy_get_peer_name() to use the NID_x500UniqueIdentifier as username instead of NID_commonName. The reason is, that the Common Name doesn't have to be unique for the whole mailserver. Example; in germany a lot of people got the first name "Andreas" and the last name "Schulz".

http://bugzilla.mindrot.org/show_bug.cgi?id=621 Summary: scard-opensc.c: more than one private key object for a certificate Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo:

Not to be grumpy, but I've posted a dozen or more message to this list in the past week about what I think might be relatively common/easy issues and have had zero response except from Rick Romero who is trying, but hasn't actually done what I need himself. I'm sure someone has. Perhaps these problem are too mundane compared to CalDAV, sieve filtering and IPA to excite List interest?

Hi. I'm trying to use checkpassword for simple auth and masteruser auth. I have two programs, one called checkpassword-master (for masteruser lookup) and another called checkpassword for normal passdb and userdb lookup). All works fine for non-masteruser authentication (in this case dovecot makes a single call to checkpassword binary). But if a master-user authenticates, dovecot execute

Hi, ok, I'm am developing a new solution that includes dovecot, and will be wanting to use the latest sieve implementation, so I have chosen to start with 1.2 as the base. I had a working install of 1.1.8 installed, and got a checkpassword setup working properly with it to authenticate a user. I used the passdb to call checkpassword, and the prefetch userdb to tell it to use the values that

I posted earlier with reports of less than stellar success in using Active Directory for dovecot authentication. My approach is to using the two-step approach of - obtaining the user DN by a search using an authenticated bind (using a service account) - then binding as that DN, and returning the relevant user attributes This hasn't been succesful. Dovecot's authentication process does

hello some times ago I posted some patches to workaround vmailmgr not fitting into dovecot's passdb-checkpassword authentication module. Yesterday I spent some spare time for carrying out a cleaner solution for this problem. Check out these patches. If you're not interested in merging them, I will make them available at the same page I used for the former solution [

Unfortunately, I tried for weeks to figure out passdb ldap without success. I guess I'm just not knowledgeable enough about how to use ldap and Active Directory. The dovecot wiki https://wiki2.dovecot.org/AuthDatabase/LDAPm doesn't help me much. All it says is: Active Directory When connecting to AD, you may need to use port 3268. Then again, not all LDAP fields are available in port

Script didn't run: File "/root/tmp/checkpwtest.py", line 8 o?= with os.fdopen(DOVECOT_PW_FD, 'r') as s: ^ SyntaxError: invalid syntax --Mark -----Original Message----- From: Mark Foley <mfoley at ohprs.org> Date: Thu, 01 Feb 2018 15:34:15 -0500 Organization: Ohio Highway Patrol Retirement System To: dovecot at dovecot.org Subject: Re: AuthDatabase

You might get better results with https://wiki.dovecot.org/HowTo/ActiveDirectoryNtlm It seems you'd have to configure OpenLDAP backend for Samba to have LDAP. Aki On 04.12.2017 02:38, Mark Foley wrote: > Unfortunately, I tried for weeks to figure out passdb ldap without success. I guess I'm just > not knowledgeable enough about how to use ldap and Active Directory. The dovecot

Hi, does anyone already use the checkpassword authentication scheme? I have not found any description how I have to configure dovecot in order to work together with qmail?s checkpassword. Enabling ?passdb = checkpassword /bin/checkpassword? in dovecot.conf starts /bin/checkpassword for every authentication request, but the result does not seem to matter for the authentication. Without enabling

I'm experimenting with checkpassword as an auth method for usedb and passdb (http://wiki2.dovecot.org/AuthDatabase/CheckPassword). I've set up the userdb and passdb *exactly* as the wiki suggests as the "standard way": passdb { driver = checkpassword args = /user/util/bin/checkpassword } userdb { driver = prefetch } I've created a checkpassword program that does