> On 04/09/2023 15:23 EEST lejeczek via dovecot <dovecot@dovecot.org> wrote:
>
>
> On 04/09/2023 09:32, Aki Tuomi via dovecot wrote:
> >> On 04/09/2023 10:19 EEST lejeczek via dovecot <dovecot@dovecot.org> wrote:
> >>
> >>
> >> On 04/09/2023 08:54, Aki Tuomi via dovecot wrote:
> >>>> On 04/09/2023 09:47 EEST lejeczek via dovecot <dovecot@dovecot.org>
> >>>> wrote:
> >>>>
> >>>>
> >>>> Hi guys.
> >>>>
> >>>> I'm having quite bizarre situation where Dovecot logs:
> >>>> ...
> >>>> pam_unix(dovecot:auth): check pass; user unknown
> >>>> pam_unix(dovecot:auth): authentication failure; logname=
> >>>> uid=0 euid=0 tty=dovecot ruser=dupa rhost=AA.BB.CC.DD
> >>>> imap-login: Login: user=<dupa>, method=PLAIN,
> >>>> rip=AA.BB.CC.DD, lip=AA.BB.CC.DD, mpid=1756629, TLS,
> >>>> session=<uV7OwIIEWsJdviSg>:
> >>>> ...
> >>>>
> >>>> but Thunderbird allows, is okay with such user & creates an
> >>>> account for it.
> >>>> I must be having my setup misconfigured - I'm hoping it's
> >>>> something obvious somebody could point me towards.
> >>>>
> >>>> many thanks, L.
> >>> Enable auth_debug=yes and check logs again.
> >>>
> >>> Aki
> >>> _______________________________________________
> >>> dovecot mailing list -- dovecot@dovecot.org
> >>> To unsubscribe send an email to dovecot-le...@dovecot.org
> >> Just to clarify - the user who does not exist should be
> >> denied, is what I want - as general idea is: deny
> >> non-existent users.
> >> I wonder if this below is the culprit (I copy lots of
> >> configs from my very old Dovecot which laid dormant long
> >> time, I confess)
> >> ...
> >> passdb {
> >>   driver = static
> >>   args = password=myPass
> >> }
> >> userdb {
> >>   driver = static
> >>   args = uid=vmail gid=vmail home=/home/vmail/%d/%n
> >> }
> >>
> >>
> > So do you intend to use just static driver or also pam?
> >
> > I'm guessing you are using debian with split config, so go into
> > /etc/dovecot/conf.d and comment out pam and passwd passdb and userdb,
> > restart dovecot and check with `doveconf -n` that you only have the passdbs
> > and userdbs you expect to have.
> >
> > Aki
> My goal is - what many's goal is I imagine - to have virtual
> users (& perhaps system-pam users)
>
> What I think is happening - looking at Dovecot's behavior
> & above config - puzzles & worries me.
> Does Dovecot (partially) allow any user, existing or not,
> as long as the client supplied a valid password ??
>
> When I try the following config:
> passdb {
>   driver = passwd-file
>   args = scheme=sha256 username_format=%n /etc/dovecot/passwd.file
> }
> userdb {
>   driver = passwd-file
>   args = username_format=%n /etc/dovecot/passwd.file
>   default_fields = uid=vmail gid=vmail home=/home/vmail/%d/%n
> }
>
> which I hope will now specifically allow only existing
> users, dovecot logs:
> ...
> auth: Error: passwd-file /etc/dovecot/passwd.file:User
> systems is missing userdb info
> ...
>
> and in '/etc/dovecot/passwd.file' :
> ...
> systems:{SHA256}2s5EZJYS..............
>
>
> -> $ doveadm user systems
>
> userdb lookup: user systems doesn't exist
> field value
>
> I've also set:
> auth_username_format = %n

A userdb file is more strict about the contents, see
https://doc.dovecot.org/configuration_manual/authentication/passwd_file/#authentication-passwd-file

so basically you need to add :::::: for the missing values, as you don't need to supply them necessarily, but the fields must be there, even as empty.

Aki
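
An added example, not part of the original thread and not Dovecot code: a small lint that finds passwd-file entries carrying only `user:password` and pads them with the empty fields the reply above describes. It assumes the documented field layout `user:password:uid:gid:gecos:home:shell:extra_fields`; the function names, status labels and sample entries are constructed for illustration.

```python
# Added example: lint a Dovecot passwd-file for entries without userdb fields.
# Assumed layout (from the Dovecot passwd-file documentation):
#   user:password:uid:gid:gecos:home:shell:extra_fields
FIELDS = ("user", "password", "uid", "gid", "gecos", "home", "shell",
          "extra_fields")


def check_line(line):
    """Return (status, line). Status is 'skip', 'invalid', 'ok' or 'padded'."""
    stripped = line.rstrip("\n")
    if not stripped.strip() or stripped.lstrip().startswith("#"):
        return "skip", stripped          # blank line or comment
    # maxsplit keeps any ':' inside extra_fields intact.
    parts = stripped.split(":", len(FIELDS) - 1)
    if len(parts) < 2 or not parts[0]:
        return "invalid", stripped       # this lint's rule: need user and password
    if len(parts) == len(FIELDS):
        return "ok", stripped            # all eight fields present, even if empty
    # Fields are missing: append empty ones so the same file can serve as userdb
    # and uid/gid/home can come from default_fields in the userdb block.
    parts += [""] * (len(FIELDS) - len(parts))
    return "padded", ":".join(parts)


def lint(text):
    """Return [(line_number, status, corrected_line)] for every non-skipped line."""
    report = []
    for number, line in enumerate(text.splitlines(), 1):
        status, fixed = check_line(line)
        if status != "skip":
            report.append((number, status, fixed))
    return report


# Constructed sample input; the hashes are placeholders, not real digests.
SAMPLE = """\
# constructed sample passwd-file
systems:{SHA256}PLACEHOLDERHASH
alice:{SHA256}PLACEHOLDERHASH::::::
bob:{SHA256}PLACEHOLDERHASH:5000:5000::/home/vmail/example/bob::
:nouser
"""

if __name__ == "__main__":
    for number, status, fixed in lint(SAMPLE):
        print(f"line {number}: {status:8} {fixed}")
```

After correcting the file, `doveadm user <name>` (used earlier in the thread) shows whether the userdb lookup now succeeds.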