Re: Auth Policy Server/wforce/weakforced
On 04.08.2017 23:10, Daniel Miller wrote: > On 8/4/2017 12:48 PM, Daniel Miller wrote: >> On 8/3/2017 6:11 AM, Teemu Huovila wrote: >>> >>> On 02.08.2017 23:35, Daniel Miller wrote: Is there explicit documentation available for the (probably trivial) configuration needed for Dovecot and Wforce? I'm probably missing something that should be perfectly obvious... Wforce appears to start without errors. I added a file to dovecot's conf.d: 95-policy.conf: auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = this_is_my_super_secret_something Looking at the Wforce console I see: WforceWebserver: HTTP Request "/" from 127.0.0.1:45108: Web Authentication failed In wforce.conf I have the (default): webserver("0.0.0.0:8084", "--WEBPWD") Do I need to change the "--WEBPWD"? Do I need to specify something in the Dovecot config? >>> You could try putting an actual password, in plain text, where --WEBPWD is. >>> Then add that base64 encoded to dovecot setting >>> auth_policy_server_api_header. >>> >> I knew it would be something like that. I've made some changes but I'm >> still not there. I presently have: >> >> webserver("0.0.0.0:8084", "--WEBPWD ultra-secret-secure-safe") >> in wforce.conf (and I've tried with and without the --WEBPWD) >> >> and >> >> auth_policy_server_api_header = Authorization: Basic >> dWx0cmEtc2VjcmV0LXNlY3VyZS1zYWZl >> in 95-policy.conf for dovecot >> >> Obviously I'm still formatting something wrong. >> > I think I've got something working a little better. I'm using: > webserver("0.0.0.0:8084", "ultra-secret-secure-safe") > (so I remove the --WEBPWD - that's a placeholder, not a argument declaration) > > and for dovecot, the base64 encoding needs to be "wforce:password" instead of > just the password. > > Now I have to see what else needs to be tweaked. > > Daniel Glad you got it working. Lua comments, prefixed with "--" can indeed be a bit misleading. My sloppy answer omitting HTTP Basic auth hash contents did not help either. br, Teemu
Re: Auth Policy Server/wforce/weakforced
On 8/4/2017 12:48 PM, Daniel Miller wrote: On 8/3/2017 6:11 AM, Teemu Huovila wrote: On 02.08.2017 23:35, Daniel Miller wrote: Is there explicit documentation available for the (probably trivial) configuration needed for Dovecot and Wforce? I'm probably missing something that should be perfectly obvious... Wforce appears to start without errors. I added a file to dovecot's conf.d: 95-policy.conf: auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = this_is_my_super_secret_something Looking at the Wforce console I see: WforceWebserver: HTTP Request "/" from 127.0.0.1:45108: Web Authentication failed In wforce.conf I have the (default): webserver("0.0.0.0:8084", "--WEBPWD") Do I need to change the "--WEBPWD"? Do I need to specify something in the Dovecot config? You could try putting an actual password, in plain text, where --WEBPWD is. Then add that base64 encoded to dovecot setting auth_policy_server_api_header. I knew it would be something like that. I've made some changes but I'm still not there. I presently have: webserver("0.0.0.0:8084", "--WEBPWD ultra-secret-secure-safe") in wforce.conf (and I've tried with and without the --WEBPWD) and auth_policy_server_api_header = Authorization: Basic dWx0cmEtc2VjcmV0LXNlY3VyZS1zYWZl in 95-policy.conf for dovecot Obviously I'm still formatting something wrong. I think I've got something working a little better. I'm using: webserver("0.0.0.0:8084", "ultra-secret-secure-safe") (so I remove the --WEBPWD - that's a placeholder, not a argument declaration) and for dovecot, the base64 encoding needs to be "wforce:password" instead of just the password. Now I have to see what else needs to be tweaked. Daniel
Re: Auth Policy Server/wforce/weakforced
On 8/3/2017 6:11 AM, Teemu Huovila wrote: On 02.08.2017 23:35, Daniel Miller wrote: Is there explicit documentation available for the (probably trivial) configuration needed for Dovecot and Wforce? I'm probably missing something that should be perfectly obvious... Wforce appears to start without errors. I added a file to dovecot's conf.d: 95-policy.conf: auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = this_is_my_super_secret_something Looking at the Wforce console I see: WforceWebserver: HTTP Request "/" from 127.0.0.1:45108: Web Authentication failed In wforce.conf I have the (default): webserver("0.0.0.0:8084", "--WEBPWD") Do I need to change the "--WEBPWD"? Do I need to specify something in the Dovecot config? You could try putting an actual password, in plain text, where --WEBPWD is. Then add that base64 encoded to dovecot setting auth_policy_server_api_header. I knew it would be something like that. I've made some changes but I'm still not there. I presently have: webserver("0.0.0.0:8084", "--WEBPWD ultra-secret-secure-safe") in wforce.conf (and I've tried with and without the --WEBPWD) and auth_policy_server_api_header = Authorization: Basic dWx0cmEtc2VjcmV0LXNlY3VyZS1zYWZl in 95-policy.conf for dovecot Obviously I'm still formatting something wrong. Daniel
Re: Auth Policy Server/wforce/weakforced
On 02.08.2017 23:35, Daniel Miller wrote: > Is there explicit documentation available for the (probably trivial) > configuration needed for Dovecot and Wforce? I'm probably missing something > that should be perfectly obvious... > > Wforce appears to start without errors. I added a file to dovecot's conf.d: > > 95-policy.conf: > auth_policy_server_url = http://localhost:8084/ > auth_policy_hash_nonce = this_is_my_super_secret_something > > Looking at the Wforce console I see: > > WforceWebserver: HTTP Request "/" from 127.0.0.1:45108: Web Authentication > failed > > In wforce.conf I have the (default): > > webserver("0.0.0.0:8084", "--WEBPWD") > > Do I need to change the "--WEBPWD"? Do I need to specify something in the > Dovecot config? You could try putting an actual password, in plain text, where --WEBPWD is. Then add that base64 encoded to dovecot setting auth_policy_server_api_header. hope this helps, Teemu