[Dovecot] root login is refused, but....

Andrew Hutchings info at a-wing.co.uk
Thu Jun 30 10:02:32 EEST 2005


Roberto Tagliaferri wrote:
> If i try to connect as root (dovecto 1.0) with wrong password doveco 
> exit with an auth error
> 
> robyt:~# telnet dns pop3
> Trying x.x.x.x
> Connected to dns.
> Escape character is '^]'.
> +OK Dovecot ready.
> user root
> +OK
> pass [wrong]
> -ERR Authentication failed.
> 
> but if the password is correct dovecot exit but with another error:
> 
> user root
> +OK
> pass [correct]
> -ERR [IN-USE] Internal login failure. Refer to server log for more 
> information.
> Connection closed by foreign host.
> robyt:~#
> 
> Why dovecot don't close the connection at user root?
> With this system i may know the root password..
> 
> 

Dovecot is hard coded to refuse the root use at the auth stage (when 
passing the user/pass entered).
You are right though, the root user should be rejected for the same 
reason no matter what the password.  The current method could be used to 
discover the root password.

Regards
Andrew

-- 
Andrew Hutchings (A-Wing) - Linux Guru
Netserve Consultants - http://www.domaincity.co.uk/
A-Wing Internet Services - http://www.a-wing.co.uk/
Random quote 94: "Interviewer: Is studying computer science the best way 
to prepare to be a programmer?   Gates: No, the best way to prepare is 
to write programs, and to study great programs that other people have 
written. In my case, I went to the garbage cans at the Computer Science 
Center and I fished out listings of their operating system." - 
PROGRAMMERS AT WORK, Microsoft Press


More information about the dovecot mailing list