On 5 February 2017 15:14:51 CET, drbob...@yahoo.com wrote:
>1. The man page I get is slightly different:
>% man 5 passwd
>PASSWD(5)             FreeBSD File Formats Manual             PASSWD(5)
>
>NAME
>     passwd, master.passwd -- format of the password file
>
>DESCRIPTION
>     The passwd files are the local source of password information.  They can
>     be used in conjunction with the Hesiod domains `passwd' and `uid', and
>     the NIS maps `passwd.byname', `passwd.byuid', `master.passwd.byname', and
>     `master.passwd.byuid', as controlled by nsswitch.conf(5).
>
>     For consistency, none of these files should ever be modified manually.
>
>     The master.passwd file is readable only by root, and consists of newline
>     separated records, one per user, containing ten colon (`:') separated
>     fields.  These fields are as follows:
>
>     [...]
>
>     The passwd file is generated from the master.passwd file by pwd_mkdb(8),
>     has the class, change, and expire fields removed, and the password field
>     replaced by a `*' character.
>
>     [...]
>     In the master.passwd file, the password field is the encrypted form of
>     the password, see crypt(3).  If the password field is empty, no password
>     will be required to gain access to the machine.  This is almost invari-
>     ably a mistake, so authentication components such as PAM can forcibly
>     disallow remote access to passwordless accounts.  Because this file con-
>     tains the encrypted user passwords, it should not be readable by anyone
>     without appropriate privileges.
>
>     A password of `*' indicates that password authentication is disabled for
>     that account (logins through other forms of authentication, e.g., using
>     ssh(1) keys, will still work).  The field only contains encrypted pass-
>     words, and `*' can never be the result of encrypting a password.
> Do I need to tell dovecot to check master.passwd instead of passwd?

You could try using passwd-file as passdb but I have never used anything else than pam and sql.

>2. Is my (simple) passdb OK?
>
>passdb {
>  args = blocking=no
>  driver = passwd
>}
>I guess it would be easy to try it without the "args" line.
>4. Sometimes I log in as www to do web page stuff, so files are owned
>by www. www has a shell, and a password, and can ssh fine.

What's the uid of 'www'? See http://wiki2.dovecot.org/UserIds the part about uids. It could be that the www user has a uid below 500 and therefore login is disabled with the default settings.

Christian

>Thanks for your help!
>Bob
>
>On Sunday, February 5, 2017 2:58 AM, Christian Kivalo
><ml+dove...@valo.at> wrote:
>
>>dovecot: auth: passwd(xxx,xxx,<40AjQMFHSLVLGJAC>): invalid password field '*'
>
>The '*' in passwd password field stands for login disabled. See man 5
>passwd or http://www.manpages.info/freebsd/passwd.5.html
>
>>-ERR [AUTH] Authentication failed.
>
>This is probably because the user's login is disabled.
>
>In one of your provided log outputs you are trying to login as user
>'www'. Why? The webserver user has the login normally disabled.
>
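Added example, not part of the original thread and not Dovecot's own code: a Python check that derives the world-readable passwd record from a master.passwd record the way the quoted passwd(5) text describes, then reports the two conditions raised in the reply (a `*` password field and a uid below 500). Assumptions: the sample records, their placeholder hashes and the uid given to `www` are constructed, and 500 is the threshold named in the reply.

```python
FIRST_VALID_UID = 500  # assumption: the default threshold the reply refers to

# Constructed master.passwd records (ten fields); hashes are placeholders.
SAMPLE_MASTER = [
    "www:$6$placeholder:80:80::0:0:World Wide Web Owner:/nonexistent:/bin/sh",
    "bob:$6$placeholder:1001:1001::0:0:Bob:/home/bob:/bin/sh",
    "nopw::1002:1002::0:0:No Password:/home/nopw:/bin/sh",
    "locked:*:1003:1003::0:0:Locked:/home/locked:/bin/sh",
]


def to_passwd(master_line):
    """Derive the passwd record as passwd(5) describes: class, change and
    expire removed, password field replaced by '*'."""
    fields = master_line.split(":")
    if len(fields) != 10:
        raise ValueError("master.passwd records have ten fields")
    name, _pw, uid, gid, _class, _change, _expire, gecos, home, shell = fields
    return ":".join([name, "*", uid, gid, gecos, home, shell])


def findings(line, first_valid_uid=FIRST_VALID_UID):
    """Return the reasons a password login for this record is refused or risky."""
    fields = line.split(":")
    if len(fields) not in (7, 10):
        raise ValueError("expected 7 (passwd) or 10 (master.passwd) fields")
    pw, uid = fields[1], int(fields[2])
    out = []
    if pw == "*":
        out.append("password authentication disabled ('*')")
    elif pw == "":
        out.append("empty password field")
    if uid < first_valid_uid:
        out.append(f"uid {uid} below {first_valid_uid}")
    return out


def report(master_lines):
    """Map user -> (findings in master.passwd, findings in derived passwd)."""
    return {l.split(":")[0]: (findings(l), findings(to_passwd(l)))
            for l in master_lines}


if __name__ == "__main__":
    for user, (m, p) in report(SAMPLE_MASTER).items():
        print(user, "| master.passwd:", m, "| passwd:", p)
```

Every record read from the derived passwd file shows `*`, including accounts with a usable hash in master.passwd, which is why a lookup that only sees the passwd view cannot verify a password.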