> On 21 March 2018 at 18:12 mj <li...@merit.unu.edu> wrote:
>
>
> Hi,
>
> I noticed the following in the logs of our debian wheezy server:
>
> > Mar 21 07:13:47 mail dovecot: auth: Debug:
> > ldap(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): bind search: base=CN=Users,
> > DC=samba, DC=company, DC=com filter=(&(objectclass=person)(sAMA
> > ccountName=username)(!(userAccountControl=514)))
> > Mar 21 07:13:47 mail dovecot: auth: Debug:
> > ldap(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): result: uid=username; uid unused
> > Mar 21 07:13:47 mail dovecot: auth: Debug:
> > ldap(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): result: uid=username
> > Mar 21 07:13:48 mail dovecot: auth:
> > ldap(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): invalid credentials (given
> > password: invalid_password)
> > Mar 21 07:13:48 mail dovecot: auth: Debug:
> > static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): lookup
> > Mar 21 07:13:48 mail dovecot: auth: Debug:
> > static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): allow_nets: Matching for
> > network 127.0.0.1/32
> > Mar 21 07:13:48 mail dovecot: auth:
> > static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): allow_nets check failed: IP
> > not in allowed networks
> > Mar 21 07:13:48 mail dovecot: auth: Debug:
> > static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): Allowing any password
> > Mar 21 07:13:54 mail dovecot: auth: Debug: auth client connected (pid=6174)
>
> The line second last line "Allowing any password" comes as a surprise..?
> Why would dovecot Allow any password..?
>
> We had the following bit in our config, but I removed it now:
>
> > #passdb {
> > # driver = static
> > # args = nopassword=y allow_nets=127.0.0.1/32
> > #}
>
> Could anyone expain the "Allowing any password"?
>
This is what 'nopassword=y' does. I'm guessing this is an attempt to allow
logging in from localhost without password, but I'd use master password (for
applications or webmails), or
doveadm exec imap -u victim
for admin use.
Aki
