Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
For the past few days I have been struggling to get Dovecot to use the shadow password file. I have the software running and can use a password file or plaintext to gain access. Here is the output for my configuration file:
Here's what's in mine ( a default CentOS install). I've cut fully commented out sections and tried to leave in some helpful comments. If you want send me an email through LQ and I'll send you the whole file.
Note that this simply uses the system authentication, which on my system is shadow
Code:
auth default {
# Space separated list of wanted authentication mechanisms:
# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
mechanisms = plain
#
# Password database is used to verify user's password (and nothing more).
# You can have multiple passdbs and userdbs. This is useful if you want to
# allow both system users (/etc/passwd) and virtual users to login without
# duplicating the system users into virtual database.
#
# http://wiki.dovecot.org/PasswordDatabase
#
# By adding master=yes setting inside a passdb you make the passdb a list
# of "master users", who can log in as anyone else. Unless you're using PAM,
# you probably still want the destination user to be looked up from passdb
# that it really exists. This can be done by adding pass=yes setting to the
# master passdb.
#
# http://wiki.dovecot.org/MasterPassword
# Users can be temporarily disabled by adding a passdb with deny=yes.
# If the user is found from that database, authentication will fail.
# The deny passdb should always be specified before others, so it gets
# checked first. Here's an example:
# PAM authentication. Preferred nowadays by most systems.
# Note that PAM can only be used to verify if user's password is correct,
# so it can't be used as userdb. If you don't want to use a separate user
# database (passwd usually), you can use static userdb.
# REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
# authentication to actually work.
# http://wiki.dovecot.org/PasswordDatabase/PAM
passdb pam {
# [session=yes] [setcred=yes] [cache_key=<key>] [<service name>]
#
# session=yes makes Dovecot open and immediately close PAM session. Some
# PAM plugins need this to work, such as pam_mkhomedir.
#
# setcred=yes makes Dovecot establish PAM credentials if some PAM plugins
# need that. They aren't ever deleted though, so this isn't enabled by
# default.
#
# cache_key can be used to enable authentication caching for PAM
# (auth_cache_size also needs to be set). It isn't enabled by default
# because PAM modules can do all kinds of checks besides checking password,
# such as checking IP address. Dovecot can't know about these checks
# without some help. cache_key is simply a list of variables (see
# doc/variables.txt) which must match for the cached data to be used.
# Here are some examples:
# %u - Username must match. Probably sufficient for most uses.
# %u%r - Username and remote IP address must match.
# %u%s - Username and service (ie. IMAP, POP3) must match.
#
# If service name is "*", it means the authenticating service name
# is used, eg. pop3 or imap (/etc/pam.d/pop3, /etc/pam.d/imap).
#
# Some examples:
# args = session=yes *
# args = cache_key=%u dovecot
#args = dovecot
}
# /etc/passwd or similar, using getpwnam()
# In many systems nowadays this uses Name Service Switch, which is
# configured in /etc/nsswitch.conf.
# http://wiki.dovecot.org/AuthDatabase/Passwd
#passdb passwd {
#}
# /etc/shadow or similiar, using getspnam(). Deprecated by PAM nowadays.
# http://wiki.dovecot.org/PasswordDatabase/Shadow
#passdb shadow {
#}
#
# User database specifies where mails are located and what user/group IDs
# own them. For single-UID configuration use "static".
#
# http://wiki.dovecot.org/UserDatabase
#
# /etc/passwd or similar, using getpwnam()
# In many systems nowadays this uses Name Service Switch, which is
# configured in /etc/nsswitch.conf. WARNING: nss_ldap is known to be broken
# with Dovecot. Don't use it, or users might log in as each others!
# http://wiki.dovecot.org/AuthDatabase/Passwd
userdb passwd {
}
# User to use for the process. This user needs access to only user and
# password databases, nothing else. Only shadow and pam authentication
# requires roots, so use something else if possible. Note that passwd
# authentication with BSDs internally accesses shadow files, which also
# requires roots. Note that this user is NOT used to access mails.
# That user is specified by userdb above.
user = root
}
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Dovecot Authenication - Help!
