Re: Auth Policy Server/wforce/weakforced
On 04.08.2017 23:10, Daniel Miller wrote:
> On 8/4/2017 12:48 PM, Daniel Miller wrote:
>> On 8/3/2017 6:11 AM, Teemu Huovila wrote:
>>>
>>> On 02.08.2017 23:35, Daniel Miller wrote:
Is there explicit documentation available for the (probably trivial)
configuration needed for Dovecot and Wforce? I'm probably missing
something that should be perfectly obvious...
Wforce appears to start without errors. I added a file to dovecot's
conf.d:
95-policy.conf:
auth_policy_server_url = http://localhost:8084/
auth_policy_hash_nonce = this_is_my_super_secret_something
Looking at the Wforce console I see:
WforceWebserver: HTTP Request "/" from 127.0.0.1:45108: Web Authentication
failed
In wforce.conf I have the (default):
webserver("0.0.0.0:8084", "--WEBPWD")
Do I need to change the "--WEBPWD"? Do I need to specify something in the
Dovecot config?
>>> You could try putting an actual password, in plain text, where --WEBPWD is.
>>> Then add that base64 encoded to dovecot setting
>>> auth_policy_server_api_header.
>>>
>> I knew it would be something like that. I've made some changes but I'm
>> still not there. I presently have:
>>
>> webserver("0.0.0.0:8084", "--WEBPWD ultra-secret-secure-safe")
>> in wforce.conf (and I've tried with and without the --WEBPWD)
>>
>> and
>>
>> auth_policy_server_api_header = Authorization: Basic
>> dWx0cmEtc2VjcmV0LXNlY3VyZS1zYWZl
>> in 95-policy.conf for dovecot
>>
>> Obviously I'm still formatting something wrong.
>>
> I think I've got something working a little better. I'm using:
> webserver("0.0.0.0:8084", "ultra-secret-secure-safe")
> (so I remove the --WEBPWD - that's a placeholder, not a argument declaration)
>
> and for dovecot, the base64 encoding needs to be "wforce:password" instead of
> just the password.
>
> Now I have to see what else needs to be tweaked.
>
> Daniel
Glad you got it working. Lua comments, prefixed with "--" can indeed be a bit
misleading. My sloppy answer omitting HTTP Basic auth hash contents did not
help either.
br,
Teemu
Re: Auth Policy Server/wforce/weakforced
On 8/4/2017 12:48 PM, Daniel Miller wrote:
On 8/3/2017 6:11 AM, Teemu Huovila wrote:
On 02.08.2017 23:35, Daniel Miller wrote:
Is there explicit documentation available for the (probably trivial)
configuration needed for Dovecot and Wforce? I'm probably missing
something that should be perfectly obvious...
Wforce appears to start without errors. I added a file to dovecot's
conf.d:
95-policy.conf:
auth_policy_server_url = http://localhost:8084/
auth_policy_hash_nonce = this_is_my_super_secret_something
Looking at the Wforce console I see:
WforceWebserver: HTTP Request "/" from 127.0.0.1:45108: Web
Authentication failed
In wforce.conf I have the (default):
webserver("0.0.0.0:8084", "--WEBPWD")
Do I need to change the "--WEBPWD"? Do I need to specify something
in the Dovecot config?
You could try putting an actual password, in plain text, where
--WEBPWD is. Then add that base64 encoded to dovecot setting
auth_policy_server_api_header.
I knew it would be something like that. I've made some changes but
I'm still not there. I presently have:
webserver("0.0.0.0:8084", "--WEBPWD ultra-secret-secure-safe")
in wforce.conf (and I've tried with and without the --WEBPWD)
and
auth_policy_server_api_header = Authorization: Basic
dWx0cmEtc2VjcmV0LXNlY3VyZS1zYWZl
in 95-policy.conf for dovecot
Obviously I'm still formatting something wrong.
I think I've got something working a little better. I'm using:
webserver("0.0.0.0:8084", "ultra-secret-secure-safe")
(so I remove the --WEBPWD - that's a placeholder, not a argument
declaration)
and for dovecot, the base64 encoding needs to be "wforce:password"
instead of just the password.
Now I have to see what else needs to be tweaked.
Daniel
Re: Auth Policy Server/wforce/weakforced
On 8/3/2017 6:11 AM, Teemu Huovila wrote:
On 02.08.2017 23:35, Daniel Miller wrote:
Is there explicit documentation available for the (probably trivial)
configuration needed for Dovecot and Wforce? I'm probably missing something
that should be perfectly obvious...
Wforce appears to start without errors. I added a file to dovecot's conf.d:
95-policy.conf:
auth_policy_server_url = http://localhost:8084/
auth_policy_hash_nonce = this_is_my_super_secret_something
Looking at the Wforce console I see:
WforceWebserver: HTTP Request "/" from 127.0.0.1:45108: Web Authentication
failed
In wforce.conf I have the (default):
webserver("0.0.0.0:8084", "--WEBPWD")
Do I need to change the "--WEBPWD"? Do I need to specify something in the
Dovecot config?
You could try putting an actual password, in plain text, where --WEBPWD is.
Then add that base64 encoded to dovecot setting auth_policy_server_api_header.
I knew it would be something like that. I've made some changes but I'm
still not there. I presently have:
webserver("0.0.0.0:8084", "--WEBPWD ultra-secret-secure-safe")
in wforce.conf (and I've tried with and without the --WEBPWD)
and
auth_policy_server_api_header = Authorization: Basic
dWx0cmEtc2VjcmV0LXNlY3VyZS1zYWZl
in 95-policy.conf for dovecot
Obviously I'm still formatting something wrong.
Daniel
Re: Auth Policy Server/wforce/weakforced
On 02.08.2017 23:35, Daniel Miller wrote:
> Is there explicit documentation available for the (probably trivial)
> configuration needed for Dovecot and Wforce? I'm probably missing something
> that should be perfectly obvious...
>
> Wforce appears to start without errors. I added a file to dovecot's conf.d:
>
> 95-policy.conf:
> auth_policy_server_url = http://localhost:8084/
> auth_policy_hash_nonce = this_is_my_super_secret_something
>
> Looking at the Wforce console I see:
>
> WforceWebserver: HTTP Request "/" from 127.0.0.1:45108: Web Authentication
> failed
>
> In wforce.conf I have the (default):
>
> webserver("0.0.0.0:8084", "--WEBPWD")
>
> Do I need to change the "--WEBPWD"? Do I need to specify something in the
> Dovecot config?
You could try putting an actual password, in plain text, where --WEBPWD is.
Then add that base64 encoded to dovecot setting auth_policy_server_api_header.
hope this helps,
Teemu
