On 04/09/2023 09:32, Aki Tuomi via dovecot wrote:
On 04/09/2023 10:19 EEST lejeczek via dovecot <dovecot@dovecot.org> wrote:

On 04/09/2023 08:54, Aki Tuomi via dovecot wrote:
On 04/09/2023 09:47 EEST lejeczek via dovecot <dovecot@dovecot.org> wrote:

Hi guys.

I'm having quite a bizarre situation where Dovecot logs:
...
pam_unix(dovecot:auth): check pass; user unknown
pam_unix(dovecot:auth): authentication failure; logname=
uid=0 euid=0 tty=dovecot ruser=dupa rhost=AA.BB.CC.DD
imap-login: Login: user=<dupa>, method=PLAIN,
rip=AA.BB.CC.DD, lip=AA.BB.CC.DD, mpid=1756629, TLS,
session=<uV7OwIIEWsJdviSg>:
...

but Thunderbird allows, is okay with such user & creates an
account for it.
I must be having my setup misconfigured - I'm hoping it's
something obvious somebody could point me towards.

many thanks, L.
Enable auth_debug=yes and check logs again.

Aki
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
Just to clarify - the user who does not exist should be
denied, is what I want - as general idea is: deny
non-existent users.
I wonder if this below is the culprit (I copy lots of
configs from my very old Dovecot which lay dormant for a long
time, I confess)
...
passdb {
    driver = static
    args = password=myPass
}
userdb {
    driver = static
    args = uid=vmail gid=vmail home=/home/vmail/%d/%n
}


So do you intend to use just static driver or also pam?

I'm guessing you are using Debian with split config, so go into
/etc/dovecot/conf.d and comment out pam and passwd passdb and userdb, restart
dovecot and check with `doveconf -n` that you only have the passdbs and userdbs
you expect to have.

Aki
My goal is - what many's goal is I imagine - to have virtual users (& perhaps system-pam users)

What I think is happening - looking at Dovecot's behavior & above config - puzzles & worries me. Does Dovecot (partially) allow any user, existing or not, as long as the client supplied a valid password?

When I try the following config:
passdb {
  driver = passwd-file
  args = scheme=sha256 username_format=%n /etc/dovecot/passwd.file
}
userdb {
  driver = passwd-file
  args = username_format=%n /etc/dovecot/passwd.file
  default_fields = uid=vmail gid=vmail home=/home/vmail/%d/%n
}

which I hope will now specifically allow only existing users, dovecot logs:
...
auth: Error: passwd-file /etc/dovecot/passwd.file:User systems is missing userdb info
...

and in '/etc/dovecot/passwd.file' :
...
systems:{SHA256}2s5EZJYS..............


-> $ doveadm user systems

userdb lookup: user systems doesn't exist
field    value

I've also set:
auth_username_format = %n
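
Added example (not part of the thread and not Dovecot project code): a small Python check in the spirit of the `doveconf -n` review suggested above. It flags a static passdb with a fixed `password=` argument, which accepts that one password for any username; the sample input is constructed from the blocks quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample in the style of `doveconf -n` output, combining the
# static passdb/userdb blocks quoted in the thread with a PAM passdb.
SAMPLE = """\
auth_username_format = %n
passdb {
  driver = pam
}
passdb {
  args = password=myPass
  driver = static
}
userdb {
  args = uid=vmail gid=vmail home=/home/vmail/%d/%n
  driver = static
}
"""

# Top-level passdb/userdb blocks: opening line, body, closing brace in column 0.
BLOCK_RE = re.compile(r"^(passdb|userdb)\s*\{\s*$(.*?)^\}\s*$", re.M | re.S)
# "key = value" lines inside a block; the value may itself contain '='.
SETTING_RE = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*$", re.M)


def parse_blocks(text):
    """Return [(kind, {setting: value})] for each passdb/userdb block, in order."""
    return [(kind, dict(SETTING_RE.findall(body)))
            for kind, body in BLOCK_RE.findall(text)]


def audit(text):
    """Flag passdb blocks that authenticate every username with one shared secret."""
    findings = []
    for index, (kind, settings) in enumerate(parse_blocks(text), start=1):
        if kind != "passdb" or settings.get("driver") != "static":
            continue
        args = settings.get("args", "").split()
        if any(arg.startswith("password=") for arg in args):
            findings.append((index, "static passdb with fixed password: "
                                    "any username is accepted"))
    return findings


if __name__ == "__main__":
    for index, message in audit(SAMPLE):
        print(f"block {index}: {message}")
```
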