Ok, this is something... let me check...
If you're you referring to these pieces of code:
if (path != NULL) {
/* log this as error, since it probably is */
str = t_strdup_printf("%s (%s missing?)", str, path);
e_error(authdb_event(request), "%s", str);
} else if (status == PAM_AUTH_ERR) {
str = t_strconcat(str, "
("AUTH_LOG_MSG_PASSWORD_MISMATCH"?)", NULL);
if (request->set->debug_passwords) {
str = t_strconcat(str, " (given password: ",
request->mech_password,
")", NULL);
}
and:
void auth_request_log_login_failure(struct auth_request *request,
const char *subsystem,
const char *message)
I'm not a programmer, let alone a C guru, but these extracts look like
password failure logging. Are you sure they are recording successful
authentications for the logs?
On 2022-10-11 17:07, Bernardo Reino wrote:
On Mon, 10 Oct 2022, Serveria Support wrote:
I checked the source code on Github and discussed this with a C
developer. There seem to be too many files... perhaps somebody can
guide me where should I look? Aki?
You should search for "given password" in the source.
Hint:
src/auth/passdb-pam.c, around lines 175-178.
src/auth/auth-request.c, around lines 2311-2312.
This is with the latest source (2.3.19.1).
Cheers.
PS: But as I noted, nothing prevents $HACKER from bringing their own
dovecot (BYOD :) with all debugging options enabled, etc. As others
have noted, if the intruder owns your server, you have lost. Period.
