> "Aki" == Aki Tuomi writes:
Max,
It would be awesome if you could post a summary of what your setup is,
what you were trying to accomplish, and the configuration you came up
with after all this work with Aki and the rest of the team.
Digging through the entire chain would be a chore and
Ah. This is because you have a mistake in your userdb query:
    SHA2(CONCAT(username, random_key), 256) AS userdb_mail_crypt_private_password \
should be
    SHA2(CONCAT(username, random_key), 256) AS mail_crypt_private_password \
userdb_ prefix should only be used in passdb **or**
Using oauth2 or not should make no difference if the key is loaded in userdb.
Can you check with mail_debug=yes to see that it gets loaded even if you remove
it from passdb sql?
Aki
> On 31/01/2022 12:41 Max Kostikov wrote:
>
>
> Correction. Mail crypt works fine when I'm logged with the
In fact, now that I looked through your configs once more, this is already what
you are doing, except you are exporting the private key password in three
different places.
So basically, if you do `doveadm user foobar` it should already give you a
correct key.
You can see if the key is correct
Hgm. You have userdb lookups enabled, why not just move the entire
mail_crypt_private_password handling there instead of passdb? This way it'll
work with LMTP/LDA as well.
So move all user related fields to the userdb lookup, and keep only the
authentication handling in passdb.
In your
Was the field present in auth debug logs? It should be shown in the "master
out" log line, and it should also be visible in mail_debug=yes logs as
`plugin/mail_crypt_private_key_password`.
Aki
> On 31/01/2022 11:40 Max Kostikov wrote:
>
>
> Unfortunately I still get decryption error with
Try adding
result_success = continue-ok
to the oauth2 database.
Aki
> On 31/01/2022 11:27 Max Kostikov wrote:
>
>
> Aki, thanks for your hint.
> Unfortunately I can't get this to work.
> Here is my configuration.
>
> auth_mechanisms = $auth_mechanisms oauthbearer xoauth2
> passdb {
>
> On 28/01/2022 21:27 Max Kostikov wrote:
>
>
> We currently use Dovecot and mailbox encryption via the
> mail-crypt-plugin.
> With standard password authentication, we set the value of the
> individual
> password to encrypt the contents of the
> userdb_mail_crypt_private_password
>