Hi,

It seems that master user login does not work with the 'pass=yes' option
as recommended and documented.

I defined a master user passdb as documented. In addition, I have a passdb sql.
If 'pass=yes' is defined then it seems that dovecot recognizes the master
login, verifies the master password but then attempts to verify the
***master*** password again with the ***user*** password (?) and fails.

If 'pass=yes' is not defined then master login works OK, but if the
user does not exist I get a "* BYE Internal login failure. Refer to
server log for more information." instead of the usual "NO Authentication
failed.".

In addition, I'd like to check the SQL users before the master user, because
most logins will be done by SQL users. If I place master passdb after
passdb SQL then dovecot fails to start with "Last passdb can't have pass=yes".

How can I use master password and "pass=yes"?

I'm using dovecot 1.0.10.
This is the configuration that fails master login:

dovecot.conf:
auth_master_user_separator=*
auth default {
        passdb passwd-file {
                args = /usr/local/etc/passwd.masterusers
                master = yes
                pass = yes
        }
        passdb sql {
                args = /usr/local/etc/dovecot-sql.conf
        }
        userdb prefetch {
        }
        userdb sql {
                args = /usr/local/etc/dovecot-sql.conf
        }
}

passwd.masterusers:
master:{SHA}aFAMsNWXTaL5dwGZWeeOhWhlTZA=

(password is 'masterpass')

log file:
Feb 18 17:44:27 ha-test1 dovecot: auth(default): client in: AUTH    1    PLAIN  
  service=IMAP    secured    lip=127.0.0.1    rip=127.0.0.1    
resp=AHVzZXIxQGV4YW1wbGUub3JnKm1hc3RlcgBtYXN0ZXJwYXNz
Feb 18 17:44:27 ha-test1 dovecot: auth(default): 
passwd-file(master,127.0.0.1,master): lookup: user=master 
file=/usr/local/etc/passwd.masterusers
Feb 18 17:44:27 ha-test1 dovecot: auth(default): 
passdb(master,127.0.0.1,master): Master user logging in as [EMAIL PROTECTED]
Feb 18 17:44:27 ha-test1 dovecot: auth-worker(default): sql([EMAIL 
PROTECTED],127.0.0.1): query: SELECT username as user, password, maildir as 
userdb_home, concat('maildir:', maildir) as userdb_mail, 150 as userdb_uid, 12 
as userdb_gid, concat('maildir:storage=', quota) AS userdb_quota FROM mailbox 
WHERE username = '[EMAIL PROTECTED]' AND active = '1'
Feb 18 17:44:27 ha-test1 dovecot: auth-worker(default): sql([EMAIL 
PROTECTED],127.0.0.1): Password mismatch

***** Here 'masterpass' is compared to the **USER** password hash (?) *****

Feb 18 17:44:27 ha-test1 dovecot: auth-worker(default): sql([EMAIL 
PROTECTED],127.0.0.1): PLAIN-MD5(masterpass) != 
'81dc9bdb52d04dc20036dbd8313ed055'

Feb 18 17:44:28 ha-test1 dovecot: auth(default): client out: FAIL    1    
[EMAIL PROTECTED]

Thanks,
Ron
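
The resp= value in the log above is a SASL PLAIN response; decoding it shows the login user, master user and password the auth process receives when auth_master_user_separator=* is set, and that the log as posted still carries the master password in recoverable form. The Python below is an added example, not part of the original post and not Dovecot's code. The names parse_plain and redact and the rule of splitting at the last separator are assumptions made for illustration.

```python
import base64
import re

# Constructed from the post: the resp= value from the AUTH PLAIN log line and
# the auth_master_user_separator value from dovecot.conf.
SAMPLE_RESP = "AHVzZXIxQGV4YW1wbGUub3JnKm1hc3RlcgBtYXN0ZXJwYXNz"
SEPARATOR = "*"
# Constructed: the first log line, shortened and rejoined onto one line.
SAMPLE_LINE = "auth(default): client in: AUTH 1 PLAIN service=IMAP resp=" + SAMPLE_RESP

RESP_RE = re.compile(r"\bresp=\S+")


def parse_plain(resp_b64, separator=SEPARATOR):
    """Decode a SASL PLAIN response (RFC 4616: authzid NUL authcid NUL passwd)
    and report which mailbox is requested and whose password was supplied."""
    raw = base64.b64decode(resp_b64, validate=True)  # ValueError if malformed
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("expected authzid NUL authcid NUL passwd")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid:
        raise ValueError("empty authentication identity")
    login, master = authcid, None
    if authzid and authzid != authcid:
        # Master login by authorization ID: authcid names the master user.
        login, master = authzid, authcid
    elif separator and separator in authcid:
        # Master login by separator, "loginuser*masteruser".
        # Assumption: split at the last separator (the post has only one).
        login, _, master = authcid.rpartition(separator)
    return {"login_user": login, "master_user": master, "password": passwd}


def redact(log_line):
    """Mask the credential-bearing resp= field before a log leaves the host."""
    return RESP_RE.sub("resp=<hidden>", log_line)


if __name__ == "__main__":
    print(parse_plain(SAMPLE_RESP))
    print(redact(SAMPLE_LINE))
```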





      