similar to: auth_policy in a non-authenticating proxy chain

Displaying 20 results from an estimated 1000 matches similar to: "auth_policy in a non-authenticating proxy chain"

2018 Sep 15
0
auth_policy in a non-authenticating proxy chain
Hi ... After the below thread, I wrote a patch to select on a node-by-node basis which auth-policy request should be done from that node. To my surprise the exact same functionality then turned up in 2.2.34 with just slightly different option names:* * *auth_policy_check_before_auth*: Whether to do policy lookup before authentication is started *auth_policy_check_after_auth*: Whether to do
2017 Dec 14
0
auth_policy in a non-authenticating proxy chain
> On 14 Dec 2017, at 8.30, Peter Mogensen <apm at one.com> wrote: > However... since the proxy use "nopassword", ALL passdb lookups result > in "success", so the proxy will never report an authentication failure > to the authpolicy server. Why not authenticate the sessions at the proxy level already? Is there any reason not to do that? Sami
2018 Sep 15
1
auth_policy in a non-authenticating proxy chain
On 09/15/2018 10:41 AM, Aki Tuomi wrote: > Point of sending the success ones is to maintain whitelist as well as > blacklist so you know which ones you should not tarpit anymore. We > know it does scale as we have very large deployments using the whole > three request per login model. > > "Success" in a proxy which is not it self authenticating is only whether it know
2019 Aug 02
3
auth-policy crashing
My auth process is dumping core. This happens several times per day but dovecot can operate normally for hours between errors. The crash occurs in src/auth/auth-policy.c, line 356: t at 1 (l at 1) program terminated by signal SEGV (no mapping at the fault address) Current function is auth_policy_parse_response 356 context->request->policy_refusal = FALSE;
2019 Mar 06
2
how to enable PowerDNS/Weakforced with Fedora and sendmail
I took suggestions from https://forge.puppet.com/fraenki/wforce to set these in /etc/dovecot/conf.d/95-auth.conf auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = our_password auth_policy_server_api_header = "Authorization: Basic hash_from_running_echo-n_base64" auth_policy_server_timeout_msecs = 2000 auth_policy_hash_mech = sha256 auth_policy_request_attributes =
2019 Mar 07
2
how to enable PowerDNS/Weakforced with Fedora and sendmail
So for auth_policy_server_api_header. is the value of our_password come from the hashed response or the plain-text password? What else am I doing wrong? Mar 7 09:20:53 olddsm wforce[17763]: WforceWebserver: HTTP Request "/" from 127.0.0.1:56416: Web Authentication failed curl -X POST -H "Content-Type: application/json" --data '{"login?:?ouruser?, "remote":
2019 Mar 06
2
how to enable PowerDNS/Weakforced with Fedora and sendmail
We have dovecot-1:2.3.3-1.fc29.x86_64 running on Fedora 29. I'd like to test wforce, from https://github.com/PowerDNS/weakforced. I see instructions at the Authentication policy support page, https://wiki2.dovecot.org/Authentication/Policy I see the Required Minimum Configuration: auth_policy_server_url = http://example.com:4001/ auth_policy_hash_nonce = localized_random_string But when I
2016 Aug 22
2
LMTP doing passdb queries ?
Hi, I can see dovecot is doing a passdb query when handling the LMTP RCPT command. That's kinda unexpected for me. I would have thought it only did a userdb lookup. I have disabled lmtp_proxy to be sure it didn't do a passdb lookup to check the proxy field. Is this expected? Doesn't the LDA only do userdb lookups? /Peter
2006 Oct 10
4
[LLVMdev] FP emulation
Hi, >> My target supports only f64 at the moment. >> Question: How can I tell LLVM that float is the same as double on my >> target? May be by assigning the same register class to both MVT::f32 ?> and MVT::f64? >Just don't assign a register class for the f32 type. This is what the >X86 backend does when it is in "floating point stack mode". This will
2006 Oct 10
0
[LLVMdev] FP emulation
> > That is a reasonable way to do it. Another reasonable way would be > > to lower them in the instruction selector itself though the use of > > custom expanders. In practice, using instructions with "call foo" > in > them instead of lowering to calls may be simpler. > > Hmm, let me see. Just to check that I understand your proposal > correctly:
2019 Sep 03
3
dsync and altpath on shared storage.
On 9/2/19 3:03 PM, Sami Ketola wrote: >> On 2 Sep 2019, at 15.25, Peter Mogensen via dovecot <dovecot at dovecot.org> wrote: ... >> Is there anyway for dsync to avoid moving Gigabytes of data for could >> just be "moved" by moving the mount? > > > Not tested but you can probably do something like this in the target server: > > doveadm backup -u
2016 Nov 17
4
BUG: nopassword doesn't work with CRAM-MD5
On Thursday 17 of November 2016, Aki Tuomi wrote: > On 17.11.2016 10:14, Arkadiusz Mi?kiewicz wrote: > > Hello. > > > > dovecot 2.2.26.0 > > > > When testing nopassword extra field > > (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 > > dovecot doesn't allow any password (while it should) and returns > > > >
2020 Aug 25
2
zlib errors after upgrading
> On 25/08/2020 14:35 Robert Nowotny <rnowotny at rotek.at> wrote: > > > I get ZLIB Errors after dovecot upgrade from 2.3.10.1 to 2.3.11.3 > > > Aug 21 15:27:34 lxc-imap dovecot: imap(acsida)<63870><jZk...>: Error: Mailbox Sent: UID=40826: read(zlib(/home/vmail/virtualmailboxes/acsida/storage/m.2409)) failed:
2019 Aug 01
2
IMAP frontend authenticating proxy with GSSAPI/Kerberos SSO
Hi, My IMAP backend server is lacking SSO authentication, so I am trying to set up Dovecot in front of it as an authenticating proxy. Fortunately, my backend server provides a way to ignore the password provided and will simply trust the username given to be authenticated, using plain login authentication. I'm struggling with setting this up, as it seems to me that as soon as I enable
2006 Oct 09
2
[LLVMdev] FP emulation
Hi, I'm now ready to implement the FP support for my embedded target. My target supports only f64 at the moment. Question: How can I tell LLVM that float is the same as double on my target? May be by assigning the same register class to both MVT::f32 and MVT::f64? But FP is supported only in the emulated mode, because the target does not have any hardware support for FP. Therefore each FP
2008 Dec 08
3
"nopassword" extra field useless with LDAP passdb
Hi, We are trying to implement a highly secure mail server with user authentication restricted to SSL certificates only (not using passwords at all). Still, user information is stored in a LDAP directory. In this configuration LDAP is used to check whether the user is registered (and probably supply quota and other info), and actual authentication is done by SSL layer. According to wiki, a
2016 Nov 17
2
BUG: nopassword doesn't work with CRAM-MD5
Hello. dovecot 2.2.26.0 When testing nopassword extra field (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 dovecot doesn't allow any password (while it should) and returns " Authentication failed" while in logs: Nov 17 08:22:34 auth-worker(1551): Info: sql(pepe,127.0.0.1,<Y8amDXpBptV/AAAB>): Requested CRAM-MD5 scheme, but we have a NULL password
2006 Oct 09
0
[LLVMdev] FP emulation
On Mon, 9 Oct 2006, Roman Levenstein wrote: > I'm now ready to implement the FP support for my embedded target. cool. > My target supports only f64 at the moment. > Question: How can I tell LLVM that float is the same as double on my > target? May be by assigning the same register class to both MVT::f32 > and MVT::f64? Just don't assign a register class for the f32 type.
2020 Aug 19
3
sieve_max_script_size is ignored
I am in troubles with compiling sieve scripts larger than 1MB. I see in logs following errors: Aug 19 13:10:26 mail dovecot: lmtp(z.z at xxx.xxx)<22117><uNBGHKIIPV9lVgAA5ldI4A>: Error: sieve: autoreply: line 16818: quoted string started at line 3 is too long (longer than 1048576 bytes) Aug 19 13:10:26 mail dovecot: lmtp(z.z at xxx.xxx)<22117><uNBGHKIIPV9lVgAA5ldI4A>:
2019 Dec 27
2
Dovecot proxy: authentication best practices
Hi! I have a few questions regarding Dovecot proxy: 1. 1.1 If I understand correctly, setting 'nopassword' in the proxy passdb file, authentication is completely up to the destination host. Setting 'nopassword' in no way means the proxy becomes an open relay. Is this correct? 1.2 Are there any security implications when using 'nopassword' on the proxy? 2. 2.1 I would