Package: dovecot-core
Version: 1:2.4.1+dfsg1-6
Severity: important
While porting a dovecot 2.3 config to 2.4,
I noticed that if I logged in as two different users,
both got the mailbox of the first user to log in.
This problem does not occur with
"doveadm exec imap -u alice" and
"doveadm exec imap -u bob".
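Attached are transcripts demonstrating the problem.
There are three runs, each ending at a bare "#" prompt:
1. without auth_cache_size: alice and bob each resolve to their own account, and clara (who has no passwd entry) fails to authenticate;
2. with auth_cache_size = 10M: after alice logs in, the logins for bob and clara both report "auth succeeded" and resolve to user=alice, uid=1004, home=/home/alice;
3. with auth_cache_size = 10M and a %{user}-valued field added to both passdb and userdb: the passdb result is correct again (bob is bob, clara fails), but the userdb lookup for bob still returns alice.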
This is a sufficient /etc/dovecot/dovecot.conf to trigger the problem:
dovecot_config_version = 2.4.1
dovecot_storage_version = 2.4.1
passdb pam {
}
userdb passwd {
}
auth_cache_size = 10M
I mentioned this issue informally to upstream in IRC.
I am creating this ticket so there's a formal record as well.
(Otherwise, I will definitely forget about it.)
I think but am not 100% sure that:
* upstream dovecot 2.4.1 defaults DO NOT TRIGGER this problem
* debian dovecot 2.4.1 defaults DO NOT TRIGGER this problem
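* if a site-local config has triggered this problem,
  the following should fix the immediate problem:
  1. comment out all auth_cache_* settings
  2. restart dovecot
  (To confirm, run "doveadm auth login" for two different accounts and check that each reports its own "userdb user", as in the transcript without auth_cache_size below.)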
* Debian 12 / dovecot-core=1:2.3.19.1+dfsg1-2.1+deb12u1 DOES NOT TRIGGER this
problem (even if auth_cache_* is enabled there).
See also:
https://doc.dovecot.org/2.3/configuration_manual/performance_tuning/
https://doc.dovecot.org/2.3/configuration_manual/authentication/caching/
https://doc.dovecot.org/2.4.1/core/config/auth/caching.html
# getent passwd alice bob clara
alice:x:1004:1004:Alice Smith:/home/alice:/bin/bash
bob:x:1005:1005:Bob Smith:/home/bob:/bin/bash
# doveconf -n
# 2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf
# Pigeonhole version 2.4.1-4 (0a86619f)
# OS: Linux 6.12.43+deb13-cloud-amd64 x86_64 Debian 13.1
# Hostname: spicy
dovecot_config_version = 2.4.1
dovecot_storage_version = 2.4.1
passdb pam {
}
userdb passwd {
}
# systemctl restart dovecot
# doveadm auth lookup alice bob clara
Error: cmd auth lookup: passdb lookup failed for alice: Configured passdbs
don't support credentials lookups
Error: cmd auth lookup: passdb lookup failed for bob: Configured passdbs don't
support credentials lookups
Error: cmd auth lookup: passdb lookup failed for clara: Configured passdbs
don't support credentials lookups
# doveadm auth login alice REDACTED
passdb: alice auth succeeded
extra fields:
user=alice
userdb user: alice
userdb extra fields:
system_groups_user=alice
uid=1004
home=/home/alice
gid=1004
auth_mech=PLAIN
# doveadm auth login bob REDACTED
passdb: bob auth succeeded
extra fields:
user=bob
userdb user: bob
userdb extra fields:
system_groups_user=bob
uid=1005
home=/home/bob
gid=1005
auth_mech=PLAIN
# doveadm auth login clara REDACTED
passdb: clara auth failed
extra fields:
user=clara
# doveadm auth lookup alice bob clara
Error: cmd auth lookup: passdb lookup failed for alice: Configured passdbs
don't support credentials lookups
Error: cmd auth lookup: passdb lookup failed for bob: Configured passdbs don't
support credentials lookups
Error: cmd auth lookup: passdb lookup failed for clara: Configured passdbs
don't support credentials lookups
#
# getent passwd alice bob clara
alice:x:1004:1004:Alice Smith:/home/alice:/bin/bash
bob:x:1005:1005:Bob Smith:/home/bob:/bin/bash
# doveconf -n
# 2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf
# Pigeonhole version 2.4.1-4 (0a86619f)
# OS: Linux 6.12.43+deb13-cloud-amd64 x86_64 Debian 13.1
# Hostname: spicy
dovecot_config_version = 2.4.1
auth_cache_size = 10M
dovecot_storage_version = 2.4.1
passdb pam {
}
userdb passwd {
}
# systemctl restart dovecot
# doveadm auth lookup alice bob clara
Error: cmd auth lookup: passdb lookup failed for alice: Configured passdbs
don't support credentials lookups
Error: cmd auth lookup: passdb lookup failed for bob: Configured passdbs don't
support credentials lookups
Error: cmd auth lookup: passdb lookup failed for clara: Configured passdbs
don't support credentials lookups
# doveadm auth login alice REDACTED
passdb: alice auth succeeded
extra fields:
user=alice
userdb user: alice
userdb extra fields:
system_groups_user=alice
uid=1004
home=/home/alice
gid=1004
auth_mech=PLAIN
# doveadm auth login bob REDACTED
passdb: bob auth succeeded
extra fields:
user=alice
original_user=bob
userdb user: alice
userdb extra fields:
system_groups_user=alice
uid=1004
home=/home/alice
gid=1004
auth_mech=PLAIN
auth_user=bob
# doveadm auth login clara REDACTED
passdb: clara auth succeeded
extra fields:
user=alice
original_user=clara
userdb user: alice
userdb extra fields:
system_groups_user=alice
uid=1004
home=/home/alice
gid=1004
auth_mech=PLAIN
auth_user=clara
# doveadm auth lookup alice bob clara
passdb: alice
user : alice
passdb: bob
user : alice
passdb: clara
user : alice
#
# getent passwd alice bob clara
alice:x:1004:1004:Alice Smith:/home/alice:/bin/bash
bob:x:1005:1005:Bob Smith:/home/bob:/bin/bash
# doveconf -n
# 2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf
# Pigeonhole version 2.4.1-4 (0a86619f)
# OS: Linux 6.12.43+deb13-cloud-amd64 x86_64 Debian 13.1
# Hostname: spicy
dovecot_config_version = 2.4.1
auth_cache_size = 10M
dovecot_storage_version = 2.4.1
passdb pam {
fields {
some_arbitrary_key_name:default = %{user}
}
}
userdb passwd {
fields {
some_other_arbitrary_key_name:default = %{user}
}
}
# systemctl restart dovecot
# doveadm auth lookup alice bob clara
Error: cmd auth lookup: passdb lookup failed for alice: Configured passdbs
don't support credentials lookups
Error: cmd auth lookup: passdb lookup failed for bob: Configured passdbs don't
support credentials lookups
Error: cmd auth lookup: passdb lookup failed for clara: Configured passdbs
don't support credentials lookups
# doveadm auth login alice REDACTED
passdb: alice auth succeeded
extra fields:
user=alice
some_arbitrary_key_name=alice
userdb user: alice
userdb extra fields:
system_groups_user=alice
uid=1004
home=/home/alice
gid=1004
some_other_arbitrary_key_name=alice
auth_mech=PLAIN
# doveadm auth login bob REDACTED
passdb: bob auth succeeded
extra fields:
user=bob
some_arbitrary_key_name=bob
userdb user: alice
userdb extra fields:
system_groups_user=alice
uid=1004
home=/home/alice
gid=1004
some_other_arbitrary_key_name=alice
auth_mech=PLAIN
auth_user=bob
# doveadm auth login clara REDACTED
passdb: clara auth failed
extra fields:
user=clara
# doveadm auth lookup alice bob clara
passdb: alice
user : alice
some_arbitrary_key_name: alice
passdb: bob
user : bob
some_arbitrary_key_name: bob
Error: cmd auth lookup: passdb lookup failed for clara: Configured passdbs
don't support credentials lookups
#