[Dovecot] Problem with checkpassword-reply

2008-05-27 Thread sawyer x
Hello

I posted an earlier post on problems with getting usernames. That one
is solved, thank you.

I'm currently having trouble executing checkpassword-reply. The
maillog shows the following error: (substituting rip/lip/user/domain)
May 27 07:21:06 saw dovecot: Logins with UID 0 not permitted (user
[EMAIL PROTECTED]
May 27 07:21:06 saw dovecot: imap-login: Internal login failure:
user=[EMAIL PROTECTED], method=plain, rip=xxx.xxx.xxx.xxx,
lip=xxx.xxx.xxx.xxx, TLS

My script reads fd3 right and gets all the details correct. Then runs
the following code:
---
$REPLY = $ARGV[0] || exit 111; # this is actually run much earlier
$ENV{HOME} = "$USERSHOME/$domain/$user";
$ENV{USER} = $user;
# effective gid
$) = 300;
# effective uid
$> = 300;
exec $REPLY;
---

I've looked at the checkpassword-reply code (thank god for open source
software) and I saw that it opens fd4 for writing. I couldn't find any
documentation about this and couldn't find anyone who is using
checkpassword-reply. No sample scripts, no examples, and the
documentation on the site is extremely scarce.
The wiki docs indicate I should just execute it - which I do - but
that does not help.
Also, the debugging isn't very meaningful. I'm definitely changing the
UID and GID, but it's not apparent in the maillog. The file permissions
on checkpassword-reply show I could execute it under any user and I've
tried that with sudo -u user /path/to/checkpassword-reply.

On a post somewhere in the vortex of the internet someone said Dovecot
does not allow any uid/gid under 99 (which is why I tried 300), but I
couldn't find any documentation for that anywhere in the wiki either.

What am I missing and is there anything I've missed that would have
prevented me from emailing the mailing list with this long email?

Thanks,
Sawyer.
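
An added example (not the poster's script and not Dovecot code) of the steps the message above describes: read fd 3, check the password, set USER and HOME, change IDs, exec the reply program. It changes the real as well as the effective IDs and verifies all four before exec, because assigning only `$)` and `$>` in a process started as root leaves the real UID and GID at 0 for any program that calls getuid()/getgid(). The `/var/vmail` base path, the `/path/to/users` file with its `login:crypt-hash` lines, and the login arriving on fd 3 as user@domain are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(setuid setgid getuid geteuid getgid getegid);

# Assumed values for illustration; a real script looks them up per user.
my ($UID, $GID, $USERSHOME, $USERDB) = (300, 300, '/var/vmail', '/path/to/users');

# Parse "login\0password\0timestamp\0" from fd 3 (at most 512 bytes).
sub parse_fd3 {
    my ($buf) = @_;
    return if length($buf) > 512;
    my ($login, $password) = split /\0/, $buf, -1;
    return unless defined $password && $login =~ /\A[\w.-]+\@[\w.-]+\z/;
    return if $login =~ /\.\./;          # the login becomes part of a path
    return (split(/@/, $login, 2), $password);
}

# Compare against "login:crypt-hash" lines in the assumed flat file.
sub password_ok {
    my ($login, $password) = @_;
    open(my $fh, '<', $USERDB) or exit 111;
    while (my $line = <$fh>) {
        chomp $line;
        my ($name, $hash) = split /:/, $line, 2;
        next unless defined $hash && length $hash && $name eq $login;
        return (crypt($password, $hash) // '') eq $hash;
    }
    return 0;
}

# Change real AND effective IDs, group before user, then verify all four.
sub drop_privileges {
    my ($uid, $gid) = @_;
    $) = "$gid $gid";                    # effective gid, supplementary groups reset
    setgid($gid) or die "setgid: $!\n";
    setuid($uid) or die "setuid: $!\n";  # real, effective and saved uid
    die "privilege drop incomplete\n"
        unless getuid() == $uid && geteuid() == $uid
            && getgid() == $gid && getegid() == $gid;
}

my $reply = shift @ARGV or exit 2;                       # 2: misused
open(my $in, '<&=', 3) or exit 2;
defined read($in, my $buf, 513) or exit 111;             # 111: temporary failure
my ($user, $domain, $password) = parse_fd3($buf) or exit 2;
password_ok("$user\@$domain", $password) or exit 1;      # 1: rejected
@ENV{qw(USER HOME)} = ("$user\@$domain", "$USERSHOME/$domain/$user");
eval { drop_privileges($UID, $GID); 1 } or exit 111;
exec { $reply } $reply or exit 111;
```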


[Dovecot] Domain variable in checkpassword

2008-05-18 Thread sawyer x
Hello everyone

I'm using the checkpassword method but I don't get the domain a user inputs.
I can't cross check per virtual domains if I'm not getting one, which means
it renders all my efforts useless.

I've tried sending %d as a variable to my checkpassword script, but I'm just
getting %d instead.
This is a dump of my information:

%ENV = {
  'USERNAME_TRANSLATION' => '',
  'SYSLOG_FACILITY' => '16',
  'CACHE_SIZE' => '0',
  'RESTRICT_GID_LAST' => '',
  'TCPREMOTEIP' => '213.31.43.3',
  'RESTRICT_GID_FIRST' => '',
  'AUTH_NAME' => 'default',
  'CACHE_TTL' => '3600',
  'SERVICE' => 'IMAP',
  'USERDB_1_DRIVER' => 'prefetch',
  'USERNAME_CHARS' => 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@',
  'DOVECOT_MASTER' => '1',
  'RESTRICT_SETGID' => '',
  'AUTH_WORKER_MAX_COUNT' => '30',
  'AUTH_WORKER_PATH' => '/var/run/dovecot/auth-worker.25291',
  'PASSDB_2_ARGS' => '/etc/exim/checkp %d',
  'USERNAME_FORMAT' => '',
  'LOCAL_IP' => '128.177.27.100',
  'PASSDB_2_DRIVER' => 'checkpassword',
  'PASSDB_1_DRIVER' => 'pam',
  'REALMS' => '',
  'PROTO' => 'TCP',
  'ANONYMOUS_USERNAME' => 'anonymous',
  'RESTRICT_SETEXTRAGROUPS' => '',
  'TCPLOCALIP' => '128.177.27.100',
  'LOG_TO_MASTER' => '1',
  'MASTER_USER_SEPARATOR' => '',
  'RESTRICT_SETUID' => '',
  'REMOTE_IP' => '213.31.43.3',
  'RESTRICT_USER' => '',
  'DOVECOT_VERSION' => '1.0.rc15',
  'MECHANISMS' => 'plain',
  'RESTRICT_CHROOT' => '',
  'DEFAULT_REALM' => ''
};

ARGS:
@ARGV = [
  '%d',
  '/usr/libexec/dovecot/checkpassword-reply'
];

Thanks,
Sawyer.