Re: master-users problem

2024-01-20 Thread Barbara M.

On Sat, 20 Jan 2024, Andreas Haerter wrote:


Hi Barbara,

On 13.12.23 15:08, Barbara M. wrote:

passdb {
   args = /etc/dovecot/master-users


Correct me if I am wrong, but IIRC, these files are read after privileges are 
dropped... so quick guess: is the file readable by the service user itself?




Default config from the distro rpm (RL9), was:

passdb {
  driver = passwd-file
  master = yes
  args = /etc/dovecot/master-users
  pass = yes
}


I solved my problem with this config:

auth_master_user_separator = *
passdb {
  driver = passwd-file
  args = /etc/dovecot/master-users
  master = yes
  result_success = continue
}
passdb {
  driver = shadow
}
userdb {
  driver = passwd
}


which I got from the Dovecot doc.

I'm not a dovecot configuration expert, so I don't understand exactly 
how the added sections interact in the config, but this solved my problem 
(hoping that I haven't created other problems that I don't see at the 
moment ... ;-) ).


Thanks, B.
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org


Re: master-users problem

2024-01-19 Thread Andreas Haerter

Hi Barbara,

On 13.12.23 15:08, Barbara M. wrote:

passdb {
   args = /etc/dovecot/master-users


Correct me if I am wrong, but IIRC, these files are read after 
privileges are dropped... so quick guess: is the file readable by the 
service user itself?


If your service runs with "dovecot" as user, try the following:

sudo -u "dovecot" test -r "/etc/dovecot/master-users"; echo $?

where 1 == error and 0 == success.

On many installations and setups, the /etc/dovecot/ directory is owned 
by root with 750 permission. So it might make sense to place the file 
somewhere else, e.g. beside instead of inside the /etc/dovecot/ dir, so 
you do not need to soften the permissions of the more important config 
files:



# ls -lah  /etc/ | grep dovecot
drwxr-x---  4 root    root    4.0K Jan 17 22:06 dovecot
-rw-r-  1 dovecot dovecot   76 Jan  8 00:06 dovecot-masterusers-passwd



--
Regards
Andreas Haerter

foundata GmbH
Steinhäuserstr. 20
76135 Karlsruhe

Sitz der Gesellschaft: Karlsruhe
Registergericht: Amtsgericht Mannheim, HRB 714807
Geschäftsführer: Andreas Haerter
USt-IdNr.: DE284122682
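
Added example, not part of the original post and not Dovecot code: the `test -r` check above only answers yes or no, so this Python sketch walks the path and names the first component whose mode bits stop a given uid. The metadata table is constructed to mirror the layout described in the post, uid/gid 97 for the "dovecot" account is an assumption, and ACLs, SELinux and root's override are ignored.

```python
import os
import stat
from pathlib import PurePosixPath
from types import SimpleNamespace

def first_blocker(path, uid, gids, stat_fn=os.stat):
    """Return the first component of absolute `path` that `uid` cannot pass, else None.

    Parent directories need search (x) permission, the file itself needs read (r).
    Only the owner/group/other mode bits are evaluated.
    """
    target = PurePosixPath(path)
    for p in [*reversed(target.parents), target]:
        st = stat_fn(str(p))
        if st.st_uid == uid:                      # owner class wins first
            r, x = stat.S_IRUSR, stat.S_IXUSR
        elif st.st_gid in gids:                   # then group class
            r, x = stat.S_IRGRP, stat.S_IXGRP
        else:                                     # everyone else
            r, x = stat.S_IROTH, stat.S_IXOTH
        if not st.st_mode & (r if p == target else x):
            return str(p)
    return None

# Constructed metadata: path -> (uid, gid, mode). Not read from a real system.
SAMPLE = {
    "/": (0, 0, 0o755),
    "/etc": (0, 0, 0o755),
    "/etc/dovecot": (0, 0, 0o750),                # root-owned, 750 as in the post
    "/etc/dovecot/master-users": (0, 0, 0o644),
    "/etc/dovecot-masterusers-passwd": (97, 97, 0o640),
}

def sample_stat(path):
    """Stand-in for os.stat() backed by the constructed table above."""
    uid, gid, mode = SAMPLE[path]
    return SimpleNamespace(st_uid=uid, st_gid=gid, st_mode=mode)

if __name__ == "__main__":
    for f in ("/etc/dovecot/master-users", "/etc/dovecot-masterusers-passwd"):
        print(f, "->", first_blocker(f, 97, {97}, sample_stat) or "readable")
```

On a live host, call `first_blocker()` without the `stat_fn` argument and pass the uid and group ids of the account the auth process runs as.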



Re: master-users problem

2023-12-24 Thread Barbara M.

On Sat, 23 Dec 2023, Noel Butler via dovecot wrote:


Hi Barbara,
On 14/12/2023 00:08, Barbara M. wrote:

passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
  result_success = continue
}
 
try replacing result_success with  
pass = yes


Thanks for the reply.
Already tried without success.

passdb {
  driver = passwd-file
  master = yes
  args = /etc/dovecot/master-users
#result_success = continue
  pass = yes
}

Anyway, tried again using a test user box3 and next with master user aa33:

]# telnet 0 110
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
+OK Dovecot ready.
user box3
+OK
pass *
+OK Logged in.
quit
+OK Logging out.
Connection closed by foreign host.
# telnet 0 110
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
+OK Dovecot ready.
user box3*aa33
+OK
pass 
-ERR [AUTH] Authorization failed
quit
+OK Logging out
Connection closed by foreign host.


In the enabled log I have:

Dec 24 15:54:15 pop3-login: Info: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=1282414, secured, session=<59mCn0INEIh/AAAB>
Dec 24 15:54:19 pop3(box3)<1282414><59mCn0INEIh/AAAB>: Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/774, size=328796462

Dec 24 15:54:44 auth: Info: Master user logging in as box3
Dec 24 15:54:46 auth-worker(1282411): Info: conn unix:auth-worker (pid=1282053,uid=97): auth-worker<4>: pam(box3,127.0.0.1,oUINxMh/AAAB>): pam_authenticate() failed: Authentication failure (Password mismatch?) (given password: XX)
Dec 24 15:54:51 pop3-login: Info: Disconnected: Aborted login by logging out (authorization failed, 1 attempts in 7 secs): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=


The master user was copied from the old server and also created with the 
syntax:

htpasswd -b -c -s passwd.masterusers aa33 

And I have a row like:

aa33:{SHA}jWMl8Ye1yJr+5Y5bo=

in the file /etc/dovecot/master-users

If useful (hoping I have extracted valuable info), I report below the debug 
log:


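
Added example, not part of the original posts and not Dovecot code: a small Python check for the `user:{SHA}hash` lines that `htpasswd -s` writes into a master-users passwd-file. It flags entries whose hash is not a complete base64 SHA-1 digest and can confirm that a known password matches the stored value. The user name and password below are constructed.

```python
import base64
import binascii
import hashlib
import hmac

def sha_entry(user, password):
    """Build the line `htpasswd -s` writes: user:{SHA}base64(sha1(password))."""
    digest = hashlib.sha1(password.encode()).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode()}"

def parse(line):
    """Split a passwd-file line into (user, scheme, data); scheme is None if absent."""
    user, _, rest = line.strip().partition(":")
    field = rest.split(":", 1)[0]        # later fields (uid, gid, ...) are ignored
    if field.startswith("{") and "}" in field:
        scheme, _, data = field[1:].partition("}")
        return user, scheme.upper(), data
    return user, None, field

def findings(line):
    """Return the problems found in one master-user entry (empty list = none)."""
    user, scheme, data = parse(line)
    if not user or not data:
        return ["missing user or password field"]
    if scheme is None:
        return ["no {SCHEME} prefix"]
    out = []
    if scheme == "SHA":
        out.append("unsalted SHA-1")     # every master user with this password shares the hash
        try:
            raw = base64.b64decode(data, validate=True)
        except binascii.Error:
            return out + ["hash is not valid base64"]
        if len(raw) != hashlib.sha1().digest_size:
            out.append(f"hash decodes to {len(raw)} bytes, expected 20")
    return out

def sha_matches(line, password):
    """True if `password` hashes to the {SHA} value stored in `line`."""
    _, scheme, data = parse(line)
    want = base64.b64encode(hashlib.sha1(password.encode()).digest())
    return scheme == "SHA" and hmac.compare_digest(want, data.encode())

# Constructed sample entries; "master1" and the password are made up.
GOOD = sha_entry("master1", "constructed-example-password")
CUT = GOOD[:-10] + "="                   # same entry with part of the hash lost

if __name__ == "__main__":
    for entry in (GOOD, CUT):
        print(entry, "->", findings(entry))
```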

Re: master-users problem

2023-12-22 Thread Noel Butler via dovecot
Hi Barbara,
On 14/12/2023 00:08, Barbara M. wrote:

 passdb {
   args = /etc/dovecot/master-users
   driver = passwd-file
   master = yes
   result_success = continue
 }
 
try replacing result_success with  
pass = yes
 
 
--
Regards,
Noel Butler
