Re: Authentication questions

2024-05-09 Thread Christopher Wensink via dovecot

This may help, see the post from 9/9/2021:
https://github.com/goauthentik/authentik/issues/1234

On 5/9/2024 2:50 PM, Francis Augusto Medeiros-Logeay via dovecot wrote:

>> On 9 May 2024, at 19:45, Aki Tuomi wrote:
>>
>>> On 09/05/2024 20:15 EEST Francis Augusto Medeiros-Logeay via dovecot <dovecot@dovecot.org> wrote:
>>>
>>> Hi,
>>>
>>> I was wondering:
>>>
>>> 1 - Is it possible to configure authentication methods per user? For example, oauth2 for most users, but plain for others?
>>>
>>> 2 - I had a feeling that when oauth2 authentication fails, dovecot tries to
>>> authenticate via plain with the received token. Doesn’t seem logical, but I get
>>> my user blocked on my directory server (freeipa) after a few failed oauth
>>> authentications. If so, can this be prevented?
>>>
>>> Best,
>>>
>>> Francis
>>>
>>> ___
>>> dovecot mailing list -- dovecot@dovecot.org
>>> To unsubscribe send an email to dovecot-le...@dovecot.org
>>
>> Yep. See
>> https://doc.dovecot.org/configuration_manual/authentication/password_databases_passdb/#passdb-setting
>>
>> you can filter by mechanism.
>>
>> Aki
>
> The weird thing is that I get this still:
>
> May 09 21:45:47 auth: Error: oauth2(myu...@mydomain.com,48.237.124.127): oauth2 failed: Introspection failed: No username returned
> May 09 21:45:47 auth: Error: ldap(myu...@mydomain.com,48.237.124.127): ldap_bind() failed: Constraint violation
>
> Even when I have my configuration like this:
>
> auth_mechanisms = $auth_mechanisms xoauth2 oauthbearer
>
> passdb {
>    driver = oauth2
>    mechanisms = xoauth2 oauthbearer
>    args = /etc/dovecot/dovecot-oauth2.conf.ext
>    result_failure=return-fail
> }
>
> What could be the cause?
>
> Best,
> Francis





--
Christopher Wensink
IS Administrator
Five Star Plastics, Inc
1339 Continental Drive
Eau Claire, WI 54701
Office:  715-831-1682
Mobile:  715-563-3112
Fax:  715-831-6075
cwens...@five-star-plastics.com
www.five-star-plastics.com



Re: Authentication questions

2024-05-09 Thread Francis Augusto Medeiros-Logeay via dovecot


> On 9 May 2024, at 19:45, Aki Tuomi wrote:
>
>> On 09/05/2024 20:15 EEST Francis Augusto Medeiros-Logeay via dovecot <dovecot@dovecot.org> wrote:
>>  
>>  
>> Hi,
>>  
>> I was wondering:
>>  
>> 1 - Is it possible to configure authentication methods per user? For 
>> example, oauth2 for most users, but plain for others?
>> 2 - I had a feeling that when oauth2 authentication fails, dovecot tries to 
>> authenticate via plain with the received token. Doesn’t seem logical, but I 
>> get my user blocked on my directory server (freeipa) after a few failed oauth 
>> authentications. If so, can this be prevented?
>>  
>> Best,
>>  
>> Francis
>>  
> Yep. See 
> https://doc.dovecot.org/configuration_manual/authentication/password_databases_passdb/#passdb-setting
>  
> you can filter by mechanism.
>  
> Aki

The weird thing is that I get this still: 

May 09 21:45:47 auth: Error: oauth2(myu...@mydomain.com,48.237.124.127): oauth2 failed: Introspection failed: No username returned
May 09 21:45:47 auth: Error: ldap(myu...@mydomain.com,48.237.124.127): ldap_bind() failed: Constraint violation

Even when I have my configuration like this:

auth_mechanisms = $auth_mechanisms xoauth2 oauthbearer


passdb {
  driver = oauth2
  mechanisms = xoauth2 oauthbearer
  args = /etc/dovecot/dovecot-oauth2.conf.ext
  result_failure=return-fail
}

What could be the cause? 

Best,
Francis 
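
The mechanism filter that Aki's quoted reply points to, applied to both passdbs, as an added example that is not part of the original thread. The oauth2 block is the one posted above; the ldap block and its args path are assumptions, since the thread does not show the LDAP passdb definition.

```conf
# Added example, Dovecot 2.3-style syntax as used in the post above.
auth_mechanisms = $auth_mechanisms xoauth2 oauthbearer

# Token logins: consulted only for the bearer-token SASL mechanisms.
passdb {
  driver = oauth2
  mechanisms = xoauth2 oauthbearer
  args = /etc/dovecot/dovecot-oauth2.conf.ext
  # End the passdb chain on a rejected token instead of the default "continue".
  result_failure = return-fail
}

# Password logins: consulted only for PLAIN/LOGIN, so a bearer token sent via
# XOAUTH2/OAUTHBEARER is never handed to ldap_bind() as if it were a password.
passdb {
  driver = ldap
  mechanisms = plain login
  # Assumed path; the thread does not show the LDAP passdb.
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
```

With the filter on the ldap block, that passdb is skipped for XOAUTH2 and OAUTHBEARER logins, so a rejected token cannot count as a failed bind against the directory. `doveconf -n` prints the effective passdb blocks for checking.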




Re: Authentication questions

2024-05-09 Thread Francis Augusto Medeiros-Logeay via dovecot


> On 9 May 2024, at 19:45, Aki Tuomi wrote:
>
>> On 09/05/2024 20:15 EEST Francis Augusto Medeiros-Logeay via dovecot <dovecot@dovecot.org> wrote:
>>  
>>  
>> Hi,
>>  
>> I was wondering:
>>  
>> 1 - Is it possible to configure authentication methods per user? For 
>> example, oauth2 for most users, but plain for others?
>> 2 - I had a feeling that when oauth2 authentication fails, dovecot tries to 
>> authenticate via plain with the received token. Doesn’t seem logical, but I 
>> get my user blocked on my directory server (freeipa) after a few failed oauth 
>> authentications. If so, can this be prevented?
>>  
>> Best,
>>  
>> Francis
>>  
> Yep. See 
> https://doc.dovecot.org/configuration_manual/authentication/password_databases_passdb/#passdb-setting
>  
> you can filter by mechanism.
>  
> Aki

Thanks, this is great!

Best,
Francis



Re: Authentication questions

2024-05-09 Thread Aki Tuomi via dovecot
 
> On 09/05/2024 20:15 EEST Francis Augusto Medeiros-Logeay via dovecot wrote:
>
> Hi,
>
> I was wondering:
>
> 1 - Is it possible to configure authentication methods per user? For
> example, oauth2 for most users, but plain for others?
> 2 - I had a feeling that when oauth2 authentication fails, dovecot
> tries to authenticate via plain with the received token. Doesn’t seem
> logical, but I get my user blocked on my directory server (freeipa)
> after a few failed oauth authentications. If so, can this be
> prevented?
>
> Best,
>
> Francis

Yep. See https://doc.dovecot.org/configuration_manual/authentication/password_databases_passdb/#passdb-setting
 
you can filter by mechanism.
 
Aki


Authentication questions

2024-05-09 Thread Francis Augusto Medeiros-Logeay via dovecot
Hi,

I was wondering:

1 - Is it possible to configure authentication methods per user? For example, 
oauth2 for most users, but plain for others?
2 - I had a feeling that when oauth2 authentication fails, dovecot tries to 
authenticate via plain with the received token. Doesn’t seem logical, but I get 
my user blocked on my directory server (freeipa) after a few failed oauth 
authentications. If so, can this be prevented?

Best,

Francis 