"nologin" field set leads to internal failure

Fri, 17 Aug 2018 06:51:39 -0700 

Hi,
I've tried to use the "nologin" extra password-db field as specified here: 
https://wiki.dovecot.org/PasswordDatabase/ExtraFields/NoLogin
Due to lack of exact documentation, I've tried to use `nologin`='y' for users that can't login, and setting `nologin`='n' for normal users.
Apparently setting it to NULL for normal users would have been correct, as I've found out. Maybe write that on the above website.
Anyway, login didn't work for a user with `nologin`='n' set. Trying to debug a normal user being unable to login, the log (mail.log) says:
dovecot: imap-login: Disconnected (internal failure, 4 successful auths): user=<t...@example.com>, method=PLAIN, rip=<ip6>, lip=<ip6>, TLS, session=<session>
What I'm expecting it to say would be something like "user not allowed to login". I'm considering this a problem because of "Dovecot always logs a detailed error message if something goes wrong." as written here: 
https://wiki2.dovecot.org/Logging
For the record, setting auth_debug=yes and mail_debug=yes gave the following line in the logs somewhere, from which I was able to figure out that NOLOGIN was the problem:
dovecot: auth: Debug: client passdb out: OK#011<id>#011user=t...@example.com#011nologin 

Thank you.



dovecot -n output:
--snip--
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.0-7-amd64 x86_64 Debian 9.5
auth_default_realm = example.com
base_dir = ...
listen = *,[v6]
login_greeting = ...
mail_home = .../%d/%n/
mail_location = maildir:~/mail/:INDEX=MEMORY
mail_plugins = trees
mail_temp_dir = ...
namespace inbox {
  inbox = yes
  location =
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
protocols = imap lmtp
recipient_delimiter = -+
service auth {
  unix_listener ... {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 0
  }
  service_count = 1
}
service lmtp {
  unix_listener ... {
    group = postfix
    mode = 0600
    user = postfix
  }
  user = vmail
}
ssl = required
ssl_cert = <...
ssl_cipher_list = ...
ssl_dh_parameters_length = 4096
ssl_key =  # hidden, use -P to show it
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
--snap--

Reply via email to