Hi there, I posted this question on ServerFault (https://serverfault.com/questions/1170095/proper-syntax-for-using-allow-nets-with-dovecot-passdb-sql) but haven't gotten an answer after 10 days, so I thought I'd try here. I appreciate any help you can offer!
I want to allow for two auth methods in dovecot via SQL. First, the 
traditional route where the password is hashed with |SHA512-CRYPT| and 
compared to the DB response. Second, where the request is coming from a 
user already authenticated by a different part of the local system, and 
the hash itself is passed and compared as |PLAIN|.
It works perfectly with the following |auth-sql.conf.ext| and associated 
sql files...
# Passdb for traditional method
passdb {
  driver = sql
  args = /etc/dovecot/conf.d/dovecot-sql.conf.ext
}

# Passdb for hybrid method (direct hash comparison)
passdb {
  driver = sql
  args = /etc/dovecot/conf.d/dovecot-sql-hybrid.conf.ext
}

# Userdb prefetch to use attributes from the passdb query
userdb {
  driver = prefetch
}

# Userdb static as fallback for default attributes
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/srv/mail/%d/%n
}
The problem I'm having is that I want to secure the second hybrid 
|PLAIN| method so that it can only be used by the local host using the 
|allow_nets| argument. In the documentation 
<https://doc.dovecot.org/2.3/configuration_manual/authentication/allow_nets/#authentication-allow-nets> 
it shows that I should simply add it to the |args| like this...
args = /etc/dovecot/conf.d/dovecot-sql-hybrid.conf.ext allow_nets=local,127.0.0.1/32
But as soon as I do this, the logs show that it's trying to open the 
entire string as if the |allow_nets...| argument is part of the path, 
and fails to find the file. I've tried moving the |allow_nets| argument 
to the beginning, but that had the same result.
What is the correct syntax for using |allow_nets| with |passdb sql|?

# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.16 (09c29328)
# OS: Linux 5.14.0-503.21.1.el9_5.x86_64 x86_64 Rocky Linux release 9.5 (Blue Onyx) xfs
Thanks,
Kevin.
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
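
Added example, not part of the original post or of Dovecot's own documentation: `allow_nets` is a passdb extra field, so with the `sql` driver it is returned as a column of `password_query` while `args` stays a bare file path. The database driver, connect string, table and column names below are assumptions for illustration.

```conf
# --- auth-sql.conf.ext: hybrid passdb, args is only the path ---
passdb {
  driver = sql
  args = /etc/dovecot/conf.d/dovecot-sql-hybrid.conf.ext
}

# --- dovecot-sql-hybrid.conf.ext ---
# Assumed: MySQL backend; connect values are placeholders.
driver = mysql
connect = host=DB_HOST dbname=DB_NAME user=DB_USER password=DB_PASSWORD

# The stored hash is compared literally, as in the post.
default_pass_scheme = PLAIN

# Assumed table "mailbox" with columns "username" and "password".
# The literal allow_nets column restricts this passdb to UNIX-socket
# (local) lookups and 127.0.0.1; a client from any other address is
# rejected by this passdb even if the supplied value matches the hash.
password_query = \
  SELECT username AS user, password, \
         'local,127.0.0.1/32' AS allow_nets \
  FROM mailbox \
  WHERE username = '%u'
```

The restriction applies only to the passdb whose query returns the column; the first (SHA512-CRYPT) passdb remains reachable from every network.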