Last updated: 2019-07-31
Contents
- Login format
- Dovecot-2 Config
- Dovecot-1 Config
- Multiple Authentication Databases
- Create Master User PW File
- Doc
Login format
user@domain*masteruser
The "*" used as the separator is configured with "auth_master_user_separator".
Remark
* The users in the master passdb cannot log in as themselves, only as other people.
(so the master user does not need to exist in the userdb)
* ACLs do not behave as expected when logging in as a master user (this can be worked around with post-login scripting)
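As an added example (not code from this page or from Dovecot), the helpers below show what the client actually sends for a master login in the separator format above: the login name is split into login user and master user the way the separator implies, and the SASL PLAIN message carrying the combined name is built and decoded. The separator, the example user names and the password are assumptions; the split-on-first-separator rule is this helper's own choice and means the login user part must not contain the separator character.

```python
from __future__ import annotations

import base64
from typing import Optional, Tuple

SEPARATOR = "*"  # must match auth_master_user_separator in dovecot.conf (assumed here)


def split_master_login(username: str, sep: str = SEPARATOR) -> Tuple[str, Optional[str]]:
    """Split 'login_user<sep>master_user' into (login_user, master_user).

    Returns (username, None) when no separator is present, i.e. a normal login.
    Splits on the first separator (helper's own assumption), mirroring the
    user@domain*masteruser layout: everything before it is the login user.
    """
    if sep and sep in username:
        login_user, master_user = username.split(sep, 1)
        return login_user, master_user
    return username, None


def sasl_plain_blob(username: str, password: str) -> str:
    """Base64 SASL PLAIN message: authzid NUL authcid NUL password, with an empty authzid.

    The whole 'user@domain*masteruser' string travels in the authcid field; Dovecot
    then applies its separator handling to route the request to the master passdb.
    """
    raw = b"\0" + username.encode("utf-8") + b"\0" + password.encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_plain_blob(blob: str) -> Tuple[str, str, str]:
    """Inverse of sasl_plain_blob: (authzid, authcid, password) from a base64 PLAIN message."""
    parts = base64.b64decode(blob).split(b"\0")
    if len(parts) != 3:
        raise ValueError("malformed SASL PLAIN message")
    authzid, authcid, password = (p.decode("utf-8") for p in parts)
    return authzid, authcid, password


def imap_authenticate_lines(login_user: str, master_user: str, master_password: str,
                            tag: str = "a1") -> list:
    """The two client lines for an IMAP master login via AUTHENTICATE PLAIN."""
    username = f"{login_user}{SEPARATOR}{master_user}"
    return [f"{tag} AUTHENTICATE PLAIN", sasl_plain_blob(username, master_password)]


if __name__ == "__main__":
    # Constructed sample values; paste the two lines into an IMAP session to test a server.
    for line in imap_authenticate_lines("user@example.com", "masteruser", "s3cret"):
        print(line)
```

The password in the blob is the master user's password, not the login user's; that is exactly why the passwd.masterusers file deserves the restrictive permissions shown further down this page.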
Dovecot-2 Config
auth_master_user_separator = *

passdb {
  driver = passwd-file
  args = /etc/dovecot/passwd.masterusers
  master = yes
  result_success = continue
}

passdb {
  driver = shadow
}

userdb {
  driver = passwd
}
result_success = continue
It means that after the master passdb succeeds, Dovecot continues to the next passdb and verifies that the login user really exists before allowing the master user to log in.
Dovecot-1 Config
# Must be placed before the auth section (it is a global setting), otherwise you get
# (0x2a is the "*" character):
# Dec 27 10:52:44 myserver dovecot: auth(default): plain(?,127.0.0.1): Username contains disallowed character: 0x2a
auth_master_user_separator = *

auth default {
  ...............
  passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  userdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }

  # master user:
  passdb passwd-file {
    args = /etc/dovecot/passwd.masterusers
    # marks this passdb as the master user DB
    master = yes
    # Dovecot verifies that the login user really exists before allowing the master user to log in
    # pass=yes doesn't work with PAM or LDAP
    pass = yes
  }
  ...............
}
Multiple Authentication Databases
* if the password doesn't match in the first database, it checks the next one
e.g.
auth default {
  # try to authenticate using SQL database first
  passdb sql {
    args = /etc/dovecot-sql.conf
  }
  # fallback to PAM
  passdb pam {
  }

  # look up users from SQL first (even if authentication was done using PAM!)
  userdb sql {
    args = /etc/dovecot-sql.conf
  }
  # if not found, fallback to /etc/passwd
  userdb passwd {
  }
}
* Currently the fallback works only with the PLAIN authentication mechanism.
Create Master User PW File
cd /etc/dovecot/
touch passwd.masterusers
chown vmail:vmail passwd.masterusers # owned by Dovecot daemon user and group
chmod 400 passwd.masterusers
New method (salted hash; add the output to passwd.masterusers as a line of the form masteruser:{SSHA512}...):
doveadm pw -s SSHA512
Old method (htpasswd -s writes an unsalted SHA1 hash, which is weaker):
htpasswd -s passwd.masterusers masteruser password
cat passwd.masterusers
masteruser:{SHA1}?????=
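As an added example (not code from this page or from Dovecot), the following reproduces what the two commands above put into passwd.masterusers, so an entry can be generated or checked offline: the {SSHA512} layout Dovecot uses is base64(SHA512(password + salt) + salt) with the salt appended after the 64-byte digest, and the old {SHA1} form is the unsalted base64(SHA1(password)). The user names, passwords and the 16-byte salt length are assumptions.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import os
from typing import Dict, Optional


def ssha512_hash(password: str, salt: Optional[bytes] = None) -> str:
    """{SSHA512} in Dovecot's layout: base64(SHA512(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(16)  # random salt per entry (length is this example's choice)
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return "{SSHA512}" + base64.b64encode(digest + salt).decode("ascii")


def sha1_hash(password: str) -> str:
    """Unsalted {SHA1} as produced by the old 'htpasswd -s' method."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA1}" + base64.b64encode(digest).decode("ascii")


def verify(stored: str, password: str) -> bool:
    """Check a password against a {SSHA512} or {SHA}/{SHA1} passwd-file hash."""
    scheme, _, b64 = stored.partition("}")
    scheme = scheme.lstrip("{").upper()
    raw = base64.b64decode(b64)
    pw = password.encode("utf-8")
    if scheme == "SSHA512":
        digest, salt = raw[:64], raw[64:]  # salt follows the 64-byte digest
        candidate = hashlib.sha512(pw + salt).digest()
    elif scheme in ("SHA", "SHA1"):
        digest, candidate = raw, hashlib.sha1(pw).digest()
    else:
        raise ValueError(f"unsupported scheme {scheme!r}")
    return hmac.compare_digest(candidate, digest)


def passwd_file_line(user: str, password: str) -> str:
    """One passwd.masterusers entry: user:{SCHEME}hash (master users need no further fields)."""
    if ":" in user:
        raise ValueError("':' is the field separator in passwd-file")
    return f"{user}:{ssha512_hash(password)}"


def parse_passwd_file(text: str) -> Dict[str, str]:
    """Map user -> stored hash; blank lines and '#' comments are skipped."""
    entries: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, rest = line.partition(":")
        entries[user] = rest.split(":", 1)[0]  # hash is the 2nd field; ignore uid/gid/... if present
    return entries


def check_master_user(text: str, master_user: str, password: str) -> bool:
    """True only if the master user is in the file and the password matches its hash."""
    stored = parse_passwd_file(text).get(master_user)
    return stored is not None and verify(stored, password)


if __name__ == "__main__":
    # Constructed sample entry; write it to /etc/dovecot/passwd.masterusers with mode 400.
    print(passwd_file_line("masteruser", "s3cret"))
```

Running sha1_hash twice on the same password gives the same string, while ssha512_hash gives a different one each time: that is the difference between the old and new method, and why a leaked unsalted file can be cracked with a precomputed table.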
Debug:
mail_debug = yes
auth_verbose = yes
auth_debug = yes
auth_debug_passwords = yes   # logs attempted passwords in cleartext; enable only temporarily
Remark
auth_verbose = yes is required for master-user logins to be logged at all (whether the login succeeds or not):
... dovecot: auth(default): passwd-file(postmaster,127.0.0.1,master): lookup: user=masteruser file=/etc/dovecot/passwd.masterusers
... dovecot: auth(default): passdb(postmaster,127.0.0.1,master): Master user logging in as [email protected]
A normal failed login only shows:
... dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<masteruser>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
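As an added example (not code from this page or from Dovecot), here is detection logic for the three log line shapes shown above: it pulls the master user, remote IP and target account out of the auth(...) lines and the failure reason out of the imap-login line, so master-user activity can be alerted on separately from ordinary logins. The sample lines are constructed to mirror the ones on this page; the syslog timestamps, host name and the target address are assumptions.

```python
from __future__ import annotations

import re
from typing import Dict, List, Optional

# Dovecot 1.x auth log prefix: <passdb name>(<user>,<remote ip>,master)
MASTER_LOOKUP_RE = re.compile(
    r"dovecot: auth\(\w+\): passwd-file\((?P<user>[^,]+),(?P<rip>[^,]+),master\): "
    r"lookup: user=(?P<master>\S+) file=(?P<file>\S+)"
)
MASTER_LOGIN_RE = re.compile(
    r"dovecot: auth\(\w+\): passdb\((?P<user>[^,]+),(?P<rip>[^,]+),master\): "
    r"Master user logging in as (?P<target>\S+)"
)
FAILED_LOGIN_RE = re.compile(
    r"dovecot: imap-login: Aborted login \((?P<reason>[^)]*)\): user=<(?P<user>[^>]*)>, "
    r"method=(?P<method>\w+), rip=(?P<rip>[\d.]+)"
)

# Constructed sample log, modelled on the lines quoted on this page.
SAMPLE_LOG = """\
Dec 27 10:52:44 myserver dovecot: auth(default): passwd-file(postmaster,127.0.0.1,master): lookup: user=masteruser file=/etc/dovecot/passwd.masterusers
Dec 27 10:52:44 myserver dovecot: auth(default): passdb(postmaster,127.0.0.1,master): Master user logging in as postmaster@example.com
Dec 27 10:53:01 myserver dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<masteruser>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Dec 27 10:55:00 myserver sshd[123]: Accepted publickey for root from 10.0.0.5 port 2222
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return an event dict for a recognised Dovecot line, None for anything else."""
    m = MASTER_LOOKUP_RE.search(line)
    if m:
        return {"event": "master_lookup", **m.groupdict()}
    m = MASTER_LOGIN_RE.search(line)
    if m:
        return {"event": "master_login", **m.groupdict()}
    m = FAILED_LOGIN_RE.search(line)
    if m:
        return {"event": "login_failed", **m.groupdict()}
    return None


def summarize(lines: List[str]) -> Dict[str, object]:
    """Count master-user logins (with who logged in as whom and from where) and failed logins."""
    master_logins = []
    failed = 0
    pending_master = {}  # rip -> master user name seen in the preceding lookup line
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["event"] == "master_lookup":
            pending_master[ev["rip"]] = ev["master"]
        elif ev["event"] == "master_login":
            master_logins.append({
                "rip": ev["rip"],
                "master": pending_master.get(ev["rip"], "?"),
                "target": ev["target"],
            })
        elif ev["event"] == "login_failed":
            failed += 1
    return {"master_logins": master_logins, "failed_logins": failed}


if __name__ == "__main__":
    for entry in summarize(SAMPLE_LOG.splitlines())["master_logins"]:
        print(f"master {entry['master']} from {entry['rip']} opened mailbox {entry['target']}")
```

The lookup line and the "Master user logging in as" line are correlated by remote IP only, which is good enough for a single-threaded test but not for a busy server; on real logs, correlate on the auth request's position in the file or simply alert on every "Master user logging in as" line.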
Doc
- Dovecot-2: http://wiki2.dovecot.org/Authentication/MasterUsers
- Dovecot-1: http://wiki1.dovecot.org/Authentication/MasterUsers