:: [devuan-dev] bug#661: marked as don…
Top Page
Delete this message
Reply to this message
Author: Devuan bug Tracking System
Date: 2023-02-19 13:50 -000
To: Mark Hindley
Subject: [devuan-dev] bug#661: marked as done (dovecot fails to authenticate system users)
Your message dated Sun, 19 Feb 2023 13:47:39 +0000
with message-id <Y/Ioe4012g4Rz7RA@???>
and subject line Re: bug#661: dovecot fails to authenticate system users
has caused the Devuan bug report #661,
regarding dovecot fails to authenticate system users
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@???
immediately.)


--
661: https://bugs.devuan.org/cgi/bugreport.cgi?bug=661
Devuan Bug Tracking System
Contact owner@??? with problems
Package: dovecot-imapd 1:2.3.13+dfsg1-2

This *seems to be* a devuan problem on version 4 as there is no similar problem on debian 11 with identical config (see dovecot -n below). It commenced after a dist-upgrade from devuan 3 on *two* separate machines.

I've tried to get help with this on the dovecot list, but no one was able to find the problem; lack of devuan experience was sited. I also tried creating a new system user on the version 4 system, but the problem is the same. It appears that dovecot is unable to read /etc/shadow as it is possible to create virtual users as per
https://wiki.dovecot.org/HowTo/SimpleVirtualInstall

cat /etc/devuan_version
chimaera

telnet localhost 143
Trying 127.0.0.1...
Connected to bulawayo.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN] Dovecot (Debian) ready.
a login david xxxxxxxxx
a NO [UNAVAILABLE] Temporary authentication failure. [bulawayo:2022-01-29 21:46:29]

sudo dovecot -n
[sudo] password for david:
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.10.0-11-amd64 x86_64 Debian 11.1
# Hostname: bulawayo
auth_debug = yes
auth_verbose = yes
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/passwd
driver = passwd-file
}
passdb {
driver = pam
}
protocols = " imap"
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
args = uid=vmail gid=vmail home=/home/vmail/%u
driver = static
}
userdb {
driver = passwd
}

nb the problem existed before the first userdb block was added for virtual users.

--
David Matthews
mail@???
Review of installed binaries revealed fscrypt which is implemented in golang and
hooks PAM authentication with libpam-fscrypt.

Closing.

Mark