similar to: proxy_maybe and IPv6

Hi For some application we need a master user on our IMAP servers. We use dovecot 1.1.7 in proxy mode, with proxy_maybe (some mailboxes are on the proxy itself, others are on remote servers, also running dovecot). But the proxy removes the '*master' suffix from the username when using the master user to log in on the proxy. So the base name of the user with the master password are

On Sun, Oct 04, 2020 at 10:50:32PM +1100, Damien Miller wrote: > On Sun, 4 Oct 2020, Matthieu Herrb wrote: > > > On Sun, Oct 04, 2020 at 09:24:12PM +1100, Damien Miller wrote: > > > On Sun, 4 Oct 2020, Damien Miller wrote: > > > > > > > No - I think you've stumbled on a corner case I hadn't anticipated. > > > > Does your configuration

On Sun, Oct 04, 2020 at 09:24:12PM +1100, Damien Miller wrote: > On Sun, 4 Oct 2020, Damien Miller wrote: > > > No - I think you've stumbled on a corner case I hadn't anticipated. > > Does your configuration override CheckHostIP at all? No. > > > > What are the known_hosts entries for the hostname and IP? > > Also, do you use HashKnownHosts? or do

Hi Folks, I spent quite some time yesterday understanding how proxy works along with the director. I came to the conclusion that proxy_maybe and director cannot be used together, but this isn?t a true incompatibility so much as caused by the way things are handled and the order they are processed in. The way proxy_maybe works is that it is processed by the auth provider once it gets the

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alan Coopersmith (2): Sun Bug 6504978: xman on Solaris x86 does not render correctly, nroff visible renamed: .cvsignore -> .gitignore Matthieu Herrb (1): Bump version for release git tag: xman-1.0.3 http://xorg.freedesktop.org/archive/individual/app/xman-1.0.3.tar.bz2 MD5: 3d3a4b310a65ccce82472ef83acbbf97 xman-1.0.3.tar.bz2

When using proxy_maybe CRAM-MD5 authentication fails when the connection is proxied. Is this expected behavior? Is proxy_maybe too simplified for this case? We're using SQL so I could rewrite the query with IFs to fake proxy_maybe and return the password as NULL and nologin as Y, but if it works that way couldn't it work with proxy_maybe? This works: password_query = \ SELECT NULL AS

Hello. 1. I have two identically hosts 2. I have set up replication between two hosts 3. I have 'Y' AS proxy_maybe in password_query. 4. password_query returns one of this one hosts 5. I set this parameters in dovecot config: disable_plaintext_auth = yes ssl = yes auth_mechanisms = plain login for enforce use encrypted connections by client programs.

On Sun, 4 Oct 2020, Matthieu Herrb wrote: > Hi, > > on OpenBSD-current I now get this when connecting to an existing > machine for which I have both ecdsa an ed25519 keys in my existing > known_hosts (but apparently ed25519 keys where added only for the name > previsously by ssh): > > Warning: the ED25519 host key for 'freedom' differs from the key for > the

Hello, I'm using proxy_maybe and auth_default_realm. It seems that when a user logs in without the domain name, relying on auth_default_realm, and the "host" field points to the local server, I get the Proxying loops to itself error. It does work as expected - log on to the local server without proxying, if the user does include the domain name in the login. (IP's and

Does anyone know if dovecot support regex lookups for proxy/proxy_maybe, rather than mysql/ldap etc? I've been comparing it with perdition to see which one might be better for us to do layer7 username switching. Perdition supports the ability to not have any auth/db looks, but rather just a regex file that parses the usernames as they come in and forwards to the particular machine on the

Hi, It seems that some versions of ssh-agent get confused by ECDSA-SK keys. >From my OpenBSD-current laptop, I'm trying to do remote system adminstration on a machine running Debian 8 with the stock ssh package (OpenSSH_6.7p1 Debian-5+deb8u8, OpenSSL 1.0.2l 25 May 2017). I need access to a remote gitlab server to fetch files with git, using an ED25519 key in my ssh-agent. Once connected

Hi help is preciated, PROBLEM The dovecot-ldap.conf of "proxy server A" is working when the "host" attribute is the FQDN of other server: pass_attrs = uid=user,userPassword={SSHA}password,\ =proxy_maybe=,maildrop=host,=port=143,=destuser=%u,=starttls=any-cert pass_filter = (&(objectClass=posixAccount)(uid=%u)) CASES When the "host" attribute is the

The following patch is needed on Solaris, because <sys/stat.h> has a specific macro definition for struct stat. Without this patch the prototype for nfs_safe_stat() changes between the inclusion of nfs-workarounds.h and the definition of the function. -- Matthieu Herrb -------------- next part -------------- A non-text attachment was scrubbed... Name: dovecot_lib_nfs-workarounds_c.diff

x11-ssh-askpass version 1.0.1 is now available from the following locations: http://www.jmknoble.cx/software/x11-ssh-askpass/ http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/ x11-ssh-askpass is a passphrase dialog for use with OpenSSH (www.openssh.com) under the X Window System. The important changes since version 1.0 are as follows: - Bugfixes: - If the keyboard or

Hello, I use hosts that are dual stack configured (IPv4 and IPv6) and it happens that connectivity through one or the other is broken and timeouts. In these case connection to the SSH server can take quite some time as ssh waits for the first address to timeout before trying the next. So I gave a stab at implementing RFC 8305. This patch implements part of it in sshconnect.c. * It does not do

Hi, I just fixed a couple of corner-cases relating to UpdateHostkeys in git HEAD and have enabled the option by default. IMO this protocol extension is important because it allows ssh clients to automatically migrate to the best available signature algorithms available on the server and supports our goal of deprecating RSA/SHA1 in the future. We would really appreciate your feedback on this

Has anyone checked to make sure that this won't upset sshguard? [1] Offhand, it looks like it will [2][3]. [1] https://www.sshguard.net/ [2] https://bitbucket.org/sshguard/sshguard/src/2ed7e0aee18b7271daab92d5335c14e04bb2cc89/src/parser/attacks.txt?at=master&fileviewer=file-view-default#attacks.txt-9 [3]

Hello, ???I am trying to setup dovecot director and am receiving a lot of "Aborted login (proxy dest auth failed)" and "error proxying loops to itself" messages in the dovecot log. I don't fully understand the dovecot-ldap.conf file config? could someone please let me know if the following is correct. If so what could be causing the errors mentioned above, if not what

Jörg Sonnenberger (1): Fix abs() usage. Matthieu Herrb (1): libXpm 3.5.12 Tobias Stoeckmann (4): Fix out out boundary read on unknown colors Gracefully handle EOF while parsing files. Avoid OOB write when handling malicious XPM files. Handle size_t in file/buffer length git tag: libXpm-3.5.12

Alan Coopersmith (1): Stop compiling empty sm_auth.c stub Emil Velikov (1): autogen.sh: use quoted string variables Fab (1): Fix callbacks signatures in libSM documentation Jon TURNEY (1): Include unistd.h for getpid() Matthieu Herrb (3): Fix uuid_to_string(3) type Get rid of strcpy() in the HAVE_UUID_CREATE case libSM 1.2.3 Mihail Konev (1):