Enabling Master User for migration

newer
OT: Central sieve management

older
Shared inbox?

Charles Marcus

29 May 2015 29 May '15

4:03 p.m.

Hi all,

Ok, just need a quick-n-dirty way to enable a master user for a migration...

Reading the docs, I'm not sure what the bare minimum is I need to do this...

At: http://wiki2.dovecot.org/Authentication/MasterUsers

The Example config shows:

auth_master_user_separator = * passdb { driver = passwd-file args = /etc/dovecot/passwd.masterusers master = yes pass = yes } passdb { driver = shadow } userdb { driver = passwd }

But, if I'm using a non-real user (just need a master user that can log in as all other users for the migration), do I need all three of these? Or just the first two? Or, just the first one?

I think I need the first two and not the last one, but am unsure. This is on a production system so don't want to break things, and I'm unfamiliar with using multiple passdb's...

Thanks,

Charles

Show replies by date

Dominik Breu

29 May 29 May

4:25 p.m.

Hello Charles,

the bare minimum ist just the first passdb entry auth_master_user_separator = * passdb { driver = passwd-file args = /etc/dovecot/passwd.masterusers master = yes pass = yes }

this will do the trick.

greetings dominik Am Freitag, den 29.05.2015, 09:03 -0400 schrieb Charles Marcus:

...

Charles Marcus

4:36 p.m.

On 5/29/2015 9:25 AM, Dominik Breu <dominik@dominikbreu.de> wrote:

...

Thanks... so, just checking, was it normal to see a whole bunch of these errors for a few seconds after reloading the dovecot config:

Error: Auth worker sees different passdbs/userdbs than auth server. Maybe config just changed and this goes away automatically?

As the error shows, they did go away by themselves after about 10+ seconds...

Thanks again!

Charles

Charles Marcus

4:55 p.m.

On 5/29/2015 9:25 AM, Dominik Breu <dominik@dominikbreu.de> wrote:

...

Ok, this isn't working, I'm getting auth failed when testing either with telnet or doing it in Thunderbird.

I tried both using the htpasswd method for generating the password in the passwd file, and when that failed, I also tried just putting the password in the file in plain text...

So... what am I missing/doing wrong?

Thanks,

Charles

Charles Marcus

5:14 p.m.

Apologies - maybe doveconf -n shows a hint at the problem?

Maybe it has to do with I'm using the default_realm? But I've tried adding the user as both the local part, and with the fqdn...

...

doveconf -n

2.2.15: /etc/dovecot/dovecot.conf

Pigeonhole version 0.4.6 (3e924b1b6c5c+)

OS: Linux 3.10.41-gentoo-r1 x86_64 Gentoo Base System release 2.2

auth_default_realm = media-brokers.com auth_master_user_separator = * auth_mechanisms = plain login deliver_log_format = msgid=%m: subject=%s: %$ first_valid_uid = 200 last_valid_uid = 200 listen = * login_log_format_elements = user=<%u> method=%m %c rip=%r lport=%{lport} mail_attachment_dir = /var/vmail/%d/attachments mail_gid = vmail mail_location = maildir:~/Maildir mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox "Deleted Items" { special_use = \Trash } mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox "Junk E-mail" { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = . } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } passdb { args = /etc/dovecot/passwd.masterusers driver = passwd-file master = yes pass = yes } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap lmtp service auth-worker { user = $default_internal_user } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } service_count = 0 } service imap { process_limit = 2048 } ssl = required ssl_cert = </etc/ssl/mbiCerts/RapidSSL/mail_mbi.crt ssl_key = </etc/ssl/mbiCerts/RapidSSL/mail_mbi.key userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocol smtp { auth_verbose = yes } protocol lda { auth_verbose = yes mail_plugins = sieve } protocol imap { mail_max_userip_connections = 20 }

Charles

On 5/29/2015 9:55 AM, Charles Marcus <CMarcus@Media-Brokers.com> wrote:

...

Dominik Breu

5:58 p.m.

hello,

in which way do you login ?

loginuser*masteruser or just masteruser?

You have to do the login with loginuser*masteruser masterpass

greetings dominik Am Freitag, den 29.05.2015, 10:14 -0400 schrieb Charles Marcus:

...

Apologies - maybe doveconf -n shows a hint at the problem?

Maybe it has to do with I'm using the default_realm? But I've tried adding the user as both the local part, and with the fqdn...

...
doveconf -n

2.2.15: /etc/dovecot/dovecot.conf

Pigeonhole version 0.4.6 (3e924b1b6c5c+)

OS: Linux 3.10.41-gentoo-r1 x86_64 Gentoo Base System release 2.2

auth_default_realm = media-brokers.com auth_master_user_separator = * auth_mechanisms = plain login deliver_log_format = msgid=%m: subject=%s: %$ first_valid_uid = 200 last_valid_uid = 200 listen = * login_log_format_elements = user=<%u> method=%m %c rip=%r lport=%{lport} mail_attachment_dir = /var/vmail/%d/attachments mail_gid = vmail mail_location = maildir:~/Maildir mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox "Deleted Items" { special_use = \Trash } mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox "Junk E-mail" { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = . } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } passdb { args = /etc/dovecot/passwd.masterusers driver = passwd-file master = yes pass = yes } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = imap lmtp service auth-worker { user = $default_internal_user } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } service_count = 0 } service imap { process_limit = 2048 } ssl = required ssl_cert = </etc/ssl/mbiCerts/RapidSSL/mail_mbi.crt ssl_key = </etc/ssl/mbiCerts/RapidSSL/mail_mbi.key userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocol smtp { auth_verbose = yes } protocol lda { auth_verbose = yes mail_plugins = sieve } protocol imap { mail_max_userip_connections = 20 }

Charles

On 5/29/2015 9:55 AM, Charles Marcus <CMarcus@Media-Brokers.com> wrote:

...
On 5/29/2015 9:25 AM, Dominik Breu <dominik@dominikbreu.de> wrote:

...
Hello Charles,

the bare minimum ist just the first passdb entry auth_master_user_separator = * passdb { driver = passwd-file args = /etc/dovecot/passwd.masterusers master = yes pass = yes }

this will do the trick. Ok, this isn't working, I'm getting auth failed when testing either with telnet or doing it in Thunderbird.

I tried both using the htpasswd method for generating the password in the passwd file, and when that failed, I also tried just putting the password in the file in plain text...

So... what am I missing/doing wrong?

Thanks,

Charles

Charles Marcus

6:08 p.m.

On 5/29/2015 10:58 AM, Dominik Breu <dominik@dominikbreu.de> wrote:

...

Thanks dominik, but I figured out what I did wrong...

I changed the password using htpasswd again, but neglected to use the -s switch to tell it to use SHA1 encryption method (finally noticed the $apr1$ at the beginning of the encrypted passwd in the file)...

Changing the passwd again using the -s switch now it works...

Thanks again!

Charles

3747

Age (days ago)

3747

Last active (days ago)

List overview

6 comments

2 participants

participants (2)

Charles Marcus
Dominik Breu