Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 05-27-2008, 10:30 AM   #1
Registered: Jan 2004
Location: Tucson, AZ
Distribution: Fedora
Posts: 44

Rep: Reputation: 15
Question Dovecot Authenication - Help!

For the past few days I have been struggling to get Dovecot to use the shadow password file. I have the software running and can use a password file or plaintext to gain access. Here is the output for my configuration file:
# 1.0.13: /usr/etc/dovecot.conf
log_path: /var/log/maillog
protocols: pop3 pop3s
ssl_listen: *
verbose_ssl: yes
login_dir: /usr/var/run/dovecot/login
login_executable: /usr/libexec/dovecot/pop3-login
mail_executable: /usr/libexec/dovecot/pop3
mail_plugin_dir: /usr/lib/dovecot/pop3
pop3_uidl_format: %08Xu%08Xv
auth default:
  mechanisms: plain login
  verbose: yes
  debug: yes
    driver: passwd
    driver: shadow
    driver: passwd
I want to remove pop3 access and just go with pop3s and have the user able to login without having to add each user to a password file.

What am I missing here? TIA!!
Old 05-28-2008, 07:07 PM   #2
LQ Guru
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Here's what's in mine ( a default CentOS install). I've cut fully commented out sections and tried to leave in some helpful comments. If you want send me an email through LQ and I'll send you the whole file.

Note that this simply uses the system authentication, which on my system is shadow

auth default {
  # Space separated list of wanted authentication mechanisms:
  #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
  mechanisms = plain

  # Password database is used to verify user's password (and nothing more).
  # You can have multiple passdbs and userdbs. This is useful if you want to
  # allow both system users (/etc/passwd) and virtual users to login without
  # duplicating the system users into virtual database.
  # By adding master=yes setting inside a passdb you make the passdb a list
  # of "master users", who can log in as anyone else. Unless you're using PAM,
  # you probably still want the destination user to be looked up from passdb
  # that it really exists. This can be done by adding pass=yes setting to the
  # master passdb.

  # Users can be temporarily disabled by adding a passdb with deny=yes.
  # If the user is found from that database, authentication will fail.
  # The deny passdb should always be specified before others, so it gets
  # checked first. Here's an example:
  # PAM authentication. Preferred nowadays by most systems. 
  # Note that PAM can only be used to verify if user's password is correct,
  # so it can't be used as userdb. If you don't want to use a separate user
  # database (passwd usually), you can use static userdb.
  # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
  # authentication to actually work.
  passdb pam {
    #  [session=yes] [setcred=yes] [cache_key=<key>] [<service name>]
    # session=yes makes Dovecot open and immediately close PAM session. Some
    # PAM plugins need this to work, such as pam_mkhomedir.
    # setcred=yes makes Dovecot establish PAM credentials if some PAM plugins
    # need that. They aren't ever deleted though, so this isn't enabled by
    # default.
    # cache_key can be used to enable authentication caching for PAM
    # (auth_cache_size also needs to be set). It isn't enabled by default
    # because PAM modules can do all kinds of checks besides checking password,
    # such as checking IP address. Dovecot can't know about these checks
    # without some help. cache_key is simply a list of variables (see
    # doc/variables.txt) which must match for the cached data to be used.
    # Here are some examples:
    #   %u - Username must match. Probably sufficient for most uses.
    #   %u%r - Username and remote IP address must match.
    #   %u%s - Username and service (ie. IMAP, POP3) must match.
    # If service name is "*", it means the authenticating service name
    # is used, eg. pop3 or imap (/etc/pam.d/pop3, /etc/pam.d/imap).
    # Some examples:
    #   args = session=yes *
    #   args = cache_key=%u dovecot
    #args = dovecot

  # /etc/passwd or similar, using getpwnam()
  # In many systems nowadays this uses Name Service Switch, which is
  # configured in /etc/nsswitch.conf.
  #passdb passwd {

  # /etc/shadow or similiar, using getspnam(). Deprecated by PAM nowadays.
  #passdb shadow {

  # User database specifies where mails are located and what user/group IDs
  # own them. For single-UID configuration use "static".

  # /etc/passwd or similar, using getpwnam()
  # In many systems nowadays this uses Name Service Switch, which is
  # configured in /etc/nsswitch.conf. WARNING: nss_ldap is known to be broken
  # with Dovecot. Don't use it, or users might log in as each others!
  userdb passwd {

  # User to use for the process. This user needs access to only user and
  # password databases, nothing else. Only shadow and pam authentication
  # requires roots, so use something else if possible. Note that passwd
  # authentication with BSDs internally accesses shadow files, which also
  # requires roots. Note that this user is NOT used to access mails.
  # That user is specified by userdb above.
  user = root


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Authenication problem sunhui Linux - Networking 0 09-18-2006 08:24 PM
login authenication sunhui Linux - Security 0 09-11-2006 06:01 PM
Login Authenication sunhui Linux - Software 3 08-24-2006 05:25 AM
Can't get authenication with Apache bentman78 Linux - Software 3 09-10-2003 03:34 PM > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 01:39 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration