[Dovecot] passdb pam and userdb passwd "Authentication failure" errors

Mark Alan varia at e-healthexpert.org
Sat Dec 4 22:45:34 EET 2010

While using Ubuntu 10.10 + Dovecot 1.2.12 + Postfix 2.7.1-1:

To enable virtual accounts, I am using the
following /etc/dovecot/auth.d/virtualsomename.auth file:
  passdb passwd-file {
    args = /etc/dovecot/passwd
  userdb static {
    args = uid=vmail gid=vmail home=/home/vmail/%u

cat /etc/dovecot/passwd    looks like this:
timo at example.com:{PLAIN}hello123
dave at example.com:{PLAIN}world234

Issuing a 'sudo dovecot -n' shows:
auth default:
  verbose: yes
  debug: yes
  debug_passwords: yes
    driver: pam
    driver: passwd-file
    args: /etc/dovecot/passwd
    driver: passwd
    driver: static
    args: uid=vmail gid=vmail home=/home/vmail/%u

and while trying to connect to Dovecot as dave at example.com the log

2010-12-04 18:15:58 auth(default): Info: new auth connection: pid=15334
2010-12-04 18:15:58 auth(default): Info: client in: AUTH 1	PLAIN
service=smtp nologin lip= rip=
resp=AGRhdmVAZXhhbXBsZS5jb20Ad29ybGQyMzQ= 2010-12-04 18:15:58
auth-worker(default): Info: pam(dave at example.com, lookup
service=dovecot 2010-12-04 18:15:58 auth-worker(default): Info:
pam(dave at example.com, #1/1 style=1 msg=Password: 2010-12-04
18:16:00 auth-worker(default): Info: pam(dave at example.com,
pam_authenticate() failed: Authentication failure (password mismatch?)
(given password: world234)
2010-12-04 18:16:00 auth(default): Info:
passwd-file(dave at example.com, lookup: user=dave at example.com
file=/etc/dovecot/passwd 2010-12-04 18:16:00 auth(default): Info:
client out: OK	1	user=dave at example.com

I have 2 questions:

  QUESTION 1: To avoid those Authentication failure errors should I
  also comment out the passdb pam {...} and userdb passwd {...} blocks
  in the main /etc/dovecot/dovecot.conf?
I was thinking in something like:
sudo sed -i '/passdb pam {/,/}/s/^/#/' /etc/dovecot/dovecot.conf
sudo sed -i '/userdb passwd {/,/}/s/^/#/' /etc/dovecot/dovecot.conf

  QUESTION 2: the final email arrives with an email header that
Received: from desk.example.com (unknown [])
 (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 by mail.example.com (Postfix) with ESMTPSA id F24707FE6D
 for <example at example.com>; Sat,  4 Dec 2010 18:16:00 +0000  (WET)

  Does this mean that I have SSL/TLS properly configured? The "No client
certificate requested" is supposed to be there?

Thank you.


More information about the dovecot mailing list