[Dovecot] Problem with checkpassword-reply
Hello,

I posted an earlier post on problems with getting usernames. That one is solved, thank you.

I'm currently having trouble executing checkpassword-reply. The maillog shows the following error (substituting rip/lip/user/domain):

May 27 07:21:06 saw dovecot: Logins with UID 0 not permitted (user [EMAIL PROTECTED]
May 27 07:21:06 saw dovecot: imap-login: Internal login failure: user=[EMAIL PROTECTED], method=plain, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS

My script reads fd3 right and gets all the details correct. Then it runs the following code:

---
$REPLY = $ARGV[0] || exit 111; # this is actually run much earlier
$ENV{HOME} = "$USERSHOME/$domain/$user";
$ENV{USER} = $user;
# effective gid
$) = 300;
# effective uid
$> = 300;
exec $REPLY;
---

I've looked at the checkpassword-reply code (thank god for open source software) and I saw that it opens fd4 for writing. I couldn't find any documentation about this and couldn't find anyone who is using checkpassword-reply. No sample scripts, no examples, and the documentation on the site is extremely scarce. The wiki docs indicate I should just execute it - which I do - but that does not help.

Also, the debugging isn't very meaningful. I'm definitely changing the UID and GID, but it's not apparent in the maillog. The file permissions on checkpassword-reply show I could execute it under any user, and I've tried that with sudo -u user /path/to/checkpassword-reply.

On a post somewhere in the vortex of the internet someone said Dovecot does not allow any uid/gid under 99 (which is why I tried 300), but I couldn't find any documentation for that anywhere in the wiki either.

What am I missing, and is there anything I've missed that would have prevented me from emailing the mailing list with this long email?

Thanks,
Sawyer.
[Dovecot] Domain variable in checkpassword
Hello everyone,

I'm using the checkpassword method but I don't get the domain a user inputs. I can't cross check per virtual domains if I'm not getting one, which means it renders all my efforts useless.

I've tried sending %d as a variable to my checkpassword script, but I'm just getting %d instead.

This is a dump of my information:

%ENV = {
  'USERNAME_TRANSLATION' => '',
  'SYSLOG_FACILITY' => '16',
  'CACHE_SIZE' => '0',
  'RESTRICT_GID_LAST' => '',
  'TCPREMOTEIP' => '213.31.43.3',
  'RESTRICT_GID_FIRST' => '',
  'AUTH_NAME' => 'default',
  'CACHE_TTL' => '3600',
  'SERVICE' => 'IMAP',
  'USERDB_1_DRIVER' => 'prefetch',
  'USERNAME_CHARS' => 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@',
  'DOVECOT_MASTER' => '1',
  'RESTRICT_SETGID' => '',
  'AUTH_WORKER_MAX_COUNT' => '30',
  'AUTH_WORKER_PATH' => '/var/run/dovecot/auth-worker.25291',
  'PASSDB_2_ARGS' => '/etc/exim/checkp %d',
  'USERNAME_FORMAT' => '',
  'LOCAL_IP' => '128.177.27.100',
  'PASSDB_2_DRIVER' => 'checkpassword',
  'PASSDB_1_DRIVER' => 'pam',
  'REALMS' => '',
  'PROTO' => 'TCP',
  'ANONYMOUS_USERNAME' => 'anonymous',
  'RESTRICT_SETEXTRAGROUPS' => '',
  'TCPLOCALIP' => '128.177.27.100',
  'LOG_TO_MASTER' => '1',
  'MASTER_USER_SEPARATOR' => '',
  'RESTRICT_SETUID' => '',
  'REMOTE_IP' => '213.31.43.3',
  'RESTRICT_USER' => '',
  'DOVECOT_VERSION' => '1.0.rc15',
  'MECHANISMS' => 'plain',
  'RESTRICT_CHROOT' => '',
  'DEFAULT_REALM' => ''
};

ARGS:
@ARGV = [ '%d', '/usr/libexec/dovecot/checkpassword-reply' ];

Thanks,
Sawyer.
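An added example, not part of either post and not Dovecot's own code: a checkpassword script that takes the domain from the login read on fd 3 (the "Domain variable" post) and drops both the real and the effective UID/GID before running the reply binary (the "checkpassword-reply" post). It rests on assumptions not confirmed on this page: that checkpassword-reply reports the real UID and GID of the process that executes it, and that logins arrive as user@domain. UID/GID 300 is taken from the post; /var/vmail and the user table are constructed.

```perl
#!/usr/bin/perl
# Added example, not from the original posts. UID/GID 300 comes from the post;
# the mail root and the constructed user table are assumptions for illustration.
use strict;
use warnings;
use POSIX qw(setuid setgid);

my ($UID, $GID, $MAIL_ROOT) = (300, 300, '/var/vmail');
# Constructed stand-in for a real user database (hash computed at start-up).
my %USERS = ('alice@example.org' => crypt('constructed-secret', '$6$constructedsalt$'));

my $reply = $ARGV[0] or exit 2;                  # 2 = checkpassword misuse

# The checkpassword interface passes "login\0password\0timestamp\0" on fd 3.
open(my $in, '<&=', 3) or exit 2;
my $buf = do { local $/; <$in> };
exit 2 unless defined $buf;
my ($login, $pass) = split /\0/, $buf;
exit 2 unless defined $login && defined $pass;

# The domain is parsed from the login itself, so no %d argument is needed.
# The strict pattern keeps "/" and leading-dot components out of the HOME path.
my ($user, $domain) =
    $login =~ /\A([A-Za-z0-9][A-Za-z0-9._-]*)\@([A-Za-z0-9][A-Za-z0-9.-]*)\z/
    or exit 1;                                   # 1 = authentication failed

my $stored = $USERS{lc $login} or exit 1;
exit 1 unless crypt($pass, $stored) eq $stored;

$ENV{USER} = $login;                             # full login keeps virtual domains distinct
$ENV{HOME} = "$MAIL_ROOT/$domain/$user";

# Drop privileges completely: supplementary groups and GID first, then UID.
# POSIX::setgid/setuid called as root change the real, effective and saved
# IDs, whereas assigning only $) and $> leaves the real IDs at 0.
$) = "$GID $GID";                                # effective GID plus setgroups()
setgid($GID) or exit 111;                        # 111 = temporary failure
setuid($UID) or exit 111;

# Refuse to continue unless both real and effective UID actually changed.
exit 111 unless $< == $UID && $> == $UID;

exec { $reply } $reply;                          # indirect-object form avoids the shell
exit 111;                                        # only reached if exec failed
```

Once setuid() has succeeded the process cannot regain root, so any lookup that needs root access has to happen before the drop.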